Corrected headers check for retrieved cookie #14442
Previous get_cookies method not working properly
The tests failed due to accessing
If there's a bug in Can you run again with |
Here is the output:
|
lol What does Can you throw It looks like the cookie value is used for both the my_id=#{session}; PHPSESSID=#{session} If the output of Also this module is kind of a mess and is inline with current design and style standards. It could do with some cleanup. |
Here you go:
|
Thanks. So it looks like It would probably make more sense to rework the cookie parsing logic in this module to use Does something like this work for you?

    if res.get_cookies =~ /PHPSESSID=(.+);/

If so, that seems like the best fix. I'm going to assume that the server always issues both a Thanks for taking the time to report and fix this. It looks like it was broken in 8d4d40b and never tested. Ideally this module should be rewritten and tested. But I have neither the time nor the interest. |
Works for me - successful when new code applied.
|
Confirmed switching it to
|
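The pattern suggested earlier in this thread (`/PHPSESSID=(.+);/`) gives different results depending on where `PHPSESSID` sits in the cookie string. The following is an added example, not part of the pull request or the Metasploit code base: it compares that pattern with a delimiter-bounded pattern and a split-based lookup. The cookie strings are constructed, and the helper names and the `name=value;` string format are assumptions.

```ruby
# Added example. Cookie strings below are constructed, not captured from a server.
# Assumed input format: "name=value; name=value;" pairs in a single string.

GREEDY  = /PHPSESSID=(.+);/       # pattern quoted in the thread
BOUNDED = /PHPSESSID=([^;\s]+)/   # stops at the first delimiter

# Hypothetical helper: return the first capture group, or nil when nothing matches.
def match_value(pattern, cookie_string)
  m = pattern.match(cookie_string.to_s)
  m && m[1]
end

# Hypothetical helper: split the string into pairs and look the cookie up
# by exact name, so ordering and a missing trailing ';' do not matter.
def cookie_value(cookie_string, name)
  cookie_string.to_s.split(';').each do |pair|
    key, value = pair.strip.split('=', 2)
    return value if key == name && value && !value.empty?
  end
  nil
end

# Constructed samples covering ordering, a missing trailing ';' and absence.
SAMPLES = {
  session_last:  'my_id=abc123; PHPSESSID=abc123;',
  session_first: 'PHPSESSID=abc123; my_id=abc123;',
  no_trailing:   'my_id=abc123; PHPSESSID=abc123',
  missing:       'my_id=abc123;'
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, str|
    puts format('%-14s greedy=%-24p bounded=%-10p split=%p',
                label,
                match_value(GREEDY, str),
                match_value(BOUNDED, str),
                cookie_value(str, 'PHPSESSID'))
  end
end
```

With `PHPSESSID` first in the string the greedy pattern captures the following cookie as well, and without a trailing `;` it does not match at all; the other two lookups return the session value in both cases.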
For the record, I went back through the SVN history on SourceForge and noticed that the oldest revision is v0.5.0 according to |
Release Notes
Fixed the |
Previous get_cookies method not working properly.
This pull corrects a non-functioning cookie verification in the sphpblog_file_upload exploit.
Bug: (#14441)
Verification
List the steps needed to make sure this thing works
Start Kali with updated Metasploit, add NIC assigned to 10.10.10.250/24
Start pWnOS v2.0 (already hardcoded as 10.10.10.100)
msfconsole
use exploit/unix/webapp/sphpblog_file_upload
set rhosts 10.10.10.100
set uri /blog
set lhost 10.10.10.250
exploit
This should trigger a successful exploit: