Fix requires for PhpEXE

And incidentally fix some msftidy complaints
2013-06-19 16:27:54 -05:00 · 2013-06-19 16:27:54 -05:00 · 81b4efcdb8
parent f91719bf80
commit 81b4efcdb8
12 changed files with 13 additions and 19 deletions
--- a/lib/msf/core/exploit/mixins.rb
+++ b/lib/msf/core/exploit/mixins.rb
@ -15,6 +15,7 @@ require 'msf/core/exploit/seh'
 require 'msf/core/exploit/kernel_mode'
 require 'msf/core/exploit/exe'
 require 'msf/core/exploit/ropdb'
+require 'msf/core/exploit/php_exe'

 # CmdStagers
 require 'msf/core/exploit/cmdstager'
--- a/lib/msf/core/exploit/php_exe.rb
+++ b/lib/msf/core/exploit/php_exe.rb
@ -6,11 +6,12 @@
 #
 ###

-require 'msf/core/payload/php'
-
 module Msf
 module Exploit::PhpEXE
 	include Exploit::EXE
+
+	require 'msf/core/payload'
+	require 'msf/core/payload/php'
 	include Payload::Php

 	#
--- a/modules/exploits/linux/http/vcms_upload.rb
+++ b/modules/exploits/linux/http/vcms_upload.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
--- a/modules/exploits/multi/http/auxilium_upload_exec.rb
+++ b/modules/exploits/multi/http/auxilium_upload_exec.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
--- a/modules/exploits/multi/http/eaton_nsm_code_exec.rb
+++ b/modules/exploits/multi/http/eaton_nsm_code_exec.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -16,13 +15,15 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Network Shutdown Module <= 3.21 (sort_values) Remote PHP Code Injection',
+			'Name'           => 'Network Shutdown Module (sort_values) Remote PHP Code Injection',
 			'Description'    => %q{
-				This module exploits a vulnerability in lib/dbtools.inc which uses
-				unsanitized user input inside a eval() call. Additionally the base64 encoded
-				user credentials are extracted from the database of the application. Please
-				note that in order to be able to steal credentials, the vulnerable service
-				must have at least one USV module (an entry in the "nodes" table in mgedb.db)
+				This module exploits a vulnerability in Eaton Network Shutdown Module
+				version <= 3.21, in lib/dbtools.inc which uses unsanitized user input
+				inside a eval() call. Additionally the base64 encoded user credentials
+				are extracted from the database of the application. Please note that
+				in order to be able to steal credentials, the vulnerable service must
+				have at least one USV module (an entry in the "nodes" table in
+				mgedb.db)
 			},
 			'Author'         =>
 				[
--- a/modules/exploits/multi/http/mobilecartly_upload_exec.rb
+++ b/modules/exploits/multi/http/mobilecartly_upload_exec.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
--- a/modules/exploits/multi/http/polarcms_upload_exec.rb
+++ b/modules/exploits/multi/http/polarcms_upload_exec.rb
@ -7,7 +7,6 @@


 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
--- a/modules/exploits/multi/http/sflog_upload_exec.rb
+++ b/modules/exploits/multi/http/sflog_upload_exec.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
--- a/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb
+++ b/modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
@ -16,7 +15,7 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Invision IP.Board <= 3.3.4 unserialize() PHP Code Execution',
+			'Name'           => 'Invision IP.Board unserialize() PHP Code Execution',
 			'Description'    => %q{
 					This module exploits a php unserialize() vulnerability in Invision IP.Board
 				<= 3.3.4 which could be abused to allow unauthenticated users to execute arbitrary
--- a/modules/exploits/unix/webapp/projectpier_upload_exec.rb
+++ b/modules/exploits/unix/webapp/projectpier_upload_exec.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
--- a/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb
+++ b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb
@ -6,7 +6,6 @@
 ##

 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking
--- a/modules/exploits/unix/webapp/wp_property_upload_exec.rb
+++ b/modules/exploits/unix/webapp/wp_property_upload_exec.rb
@ -7,7 +7,6 @@


 require 'msf/core'
-require 'msf/core/exploit/php_exe'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking