adobe_flash_sps.rb - resource_uri vs get_resource
resource_uri will randomize the returned uri unless datastore['URIPATH"] is set. get_resource will return the currently used reosurce_uri Since the incorrect type is used, this exploit is completely broken. Tested fix with both URIPATH set to / and unset, and it works after redirect.unstable
parent
69c25014ae
commit
d91b412661
|
@ -108,8 +108,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
# Redirect to a trailing slash so relative paths work properly
|
||||
if resource_uri != "/" and not request.uri.index("#{resource_uri}/")
|
||||
uri = resource_uri + "/"
|
||||
if get_resource != "/" and not request.uri.index("#{get_resource}/")
|
||||
uri = get_resource + "/"
|
||||
send_redirect(cli, uri)
|
||||
return
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue