Fixed the check

Turns out the export returns a 500 by default. Fixing.
2013-01-01 23:15:10 +00:00 · 2013-01-01 23:15:10 +00:00 · 4ba5b45ad3
parent dd0482cb9d
commit 4ba5b45ad3
1 changed files with 2 additions and 2 deletions
--- a/modules/exploits/multi/http/wp_advanced_custom_fields_exec.rb
+++ b/modules/exploits/multi/http/wp_advanced_custom_fields_exec.rb
@ -59,8 +59,8 @@ class Metasploit3 < Msf::Exploit::Remote
 		uri << '/' if uri[-1,1] != '/'

 		res = send_request_cgi({
-			'method' => 'GET',
-			'uri'    => "#{uri}wp-content/plugins/advanced-custom-fields/core/actions/export.php"
+			'method' => 'POST',
+			'uri'    => "#{uri}wp-content/plugins/advanced-custom-fields/core/api.php"
 		})

 		if res and res.code == 200