Merge pull request #20194 from adfoster-r7/ensure-thinkphp-rce-runs-on-metasploit-pro

Ensure thinkphp rce runs on metasploit pro

Author: adfoster-r7

modules/exploits/unix/webapp/thinkphp_rce.rb

@@ -88,6 +88,12 @@ def initialize(info = {})
     ])
   end
 
+  # The CmdStager mixin implicitly includes the HttpServer mixin which opts this module out of auto-exploitation
+  # https://github.com/rapid7/metasploit-framework/blob/72ae91e4bc763da378bbd5be104f642f9d7eebc1/lib/msf/core/exploit/remote/http_server.rb#L53-L58
+  def autofilter
+    true
+  end
+
   # PoC version check using the first <span> from the ThinkPHP copyright:
   #
   #   wvu@kharak:~$ curl -vs "http://127.0.0.1:8080/index.php?s=$((RANDOM))" | xmllint --html --xpath 'substring-after(//div[@class = "copyright"]/span[1]/text(), "V")' -