From 5559de24585686b8ea6e47e2eb0d47ad47bec545 Mon Sep 17 00:00:00 2001 From: Jacob Robles Date: Mon, 15 Apr 2019 07:06:27 -0500 Subject: [PATCH] Update documentation --- .../auxiliary/admin/http/wp_google_maps_sqli.md | 13 ++++++------- modules/auxiliary/admin/http/wp_google_maps_sqli.rb | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/documentation/modules/auxiliary/admin/http/wp_google_maps_sqli.md b/documentation/modules/auxiliary/admin/http/wp_google_maps_sqli.md index 49aa57f549..9f8809914f 100644 --- a/documentation/modules/auxiliary/admin/http/wp_google_maps_sqli.md +++ b/documentation/modules/auxiliary/admin/http/wp_google_maps_sqli.md @@ -20,15 +20,14 @@ Change the table prefix. By default, this option is set to `wp_`. ## Scenarios -### wp-google-maps 7.11.17 on WordPress 5.1.1 +### wp-google-maps 7.11.17 on WordPress 4.9.5 ``` -msf5 auxiliary(admin/http/wp_google_maps_sql_injection) > run -[*] Running module against 127.0.0.1 +msf5 auxiliary(admin/http/wp_google_maps_sqli) > exploit +[*] Running module against 172.22.222.144 -[*] 127.0.0.1:80 - Trying to retrieve the wp_users table... -[+] 127.0.0.1:80 - Found admin $P$Bbfp4csOlKV/XoKGjqViW1pWFzTlQz/ junk@junk.tld -[!] No active DB -- Credential data will not be saved! -[+] Credentials saved in: /home/user/.msf4/loot/2019(...).txt +[*] 172.22.222.144:80 - Trying to retrieve the wp_users table... +[+] Credentials saved in: /home/msfdev/.msf4/loot/20190415065921_default_172.22.222.144_wp_google_maps.j_022930.bin +[+] 172.22.222.144:80 - Found msfdev [*] Auxiliary module execution completed ``` diff --git a/modules/auxiliary/admin/http/wp_google_maps_sqli.rb b/modules/auxiliary/admin/http/wp_google_maps_sqli.rb index 7450809e5c..8dc96a4c51 100644 --- a/modules/auxiliary/admin/http/wp_google_maps_sqli.rb +++ b/modules/auxiliary/admin/http/wp_google_maps_sqli.rb @@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary super( 'Name' => 'WordPress Google Maps Plugin SQL Injection', 'Description' => %q{ - This module exploits a SQL injection vulnerability in the a REST endpoint + This module exploits a SQL injection vulnerability in a REST endpoint registered by the WordPress plugin wp-google-maps between 7.11.00 and 7.11.17 (included).