infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #6882, fix moodle_cmd_exec HTML parsing to use REX

bug/bundler_fix
Brent Cook 2016-05-23 23:25:22 -05:00
parent 928a706135 e8ac568352
commit 5bf8891c54
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
1 changed files with 2 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/exploits/multi/http/moodle_cmd_exec.rb
View File

@ -9,7 +9,6 @@ require 'rexml/document'
class MetasploitModule < Msf::Exploit::Remote class MetasploitModule < Msf::Exploit::Remote
Rank = GoodRanking Rank = GoodRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
def initialize(info={}) def initialize(info={})
@ -101,17 +100,10 @@ class MetasploitModule < Msf::Exploit::Remote
'cookie' => sess 'cookie' => sess
}) })
tinymce.body.each_line do |line| sesskey = tinymce.get_hidden_inputs[1]['sesskey']
next if line !~ /name="sesskey"/ unless sesskey
sesskey = line[0..line.index('>')]
end
if sesskey == ''
fail_with(Failure::UnexpectedReply, "Unable to get proper session key") fail_with(Failure::UnexpectedReply, "Unable to get proper session key")
end end
sesskey = REXML::Document.new sesskey
sesskey = sesskey.root.attributes["value"]
else else
sesskey = datastore['SESSKEY'] sesskey = datastore['SESSKEY']
end end