infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update oscommerce_installer_unauth_code_exec.rb

GSoC/Meterpreter_Web_Console
Daniel Teixeira 2018-04-06 14:14:11 +01:00 committed by GitHub
parent 6698f1b64b
commit cbdb3a35b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb
View File

@ -51,7 +51,12 @@ class MetasploitModule < Msf::Exploit::Remote
'method' => 'GET'
})
if res and res.code == 200 and res.body.include?('Welcome to osCommerce Online Merchant v2.3.4!')
ins = send_request_cgi({
'uri' => normalize_uri(datastore['URI'], 'install.php'),
'method' => 'GET'
})
if ins && ins.code == 200 && res && res.code == 200 && res.body.include?('Welcome to osCommerce Online Merchant')
return CheckCode::Vulnerable
end