Add table prefix and doc root as fallback options

bcoles · bcoles · commit a03cfce74c45 · 2013-11-25T17:44:26.000+10:30
diff --git a/modules/exploits/unix/webapp/kimai_sqli.rb b/modules/exploits/unix/webapp/kimai_sqli.rb
@@ -54,7 +54,8 @@ def initialize(info={})
       register_options(
         [
           OptString.new('TARGETURI',  [true,  'The base path to Kimai', '/kimai/']),
-          OptString.new('TARGETPATH', [false, 'The path to the web server document root directory', '/var/www/'])
+          OptString.new('FALLBACK_TARGET_PATH', [false, 'The path to the web server document root directory', '/var/www/']),
+          OptString.new('FALLBACK_TABLE_PREFIX', [false, 'The MySQL table name prefix string for Kimai tables', 'kimai_'])
         ], self.class)
   end
 
@@ -90,7 +91,7 @@ def exploit
       path = "#{$1}"
       print_good("#{peer} - Found file system path: #{path}")
     else
-      path = normalize_uri(datastore['TARGETPATH'], target_uri.path)
+      path = normalize_uri(datastore['FALLBACK_TARGET_PATH'], target_uri.path)
       print_warning("#{peer} - Could not retrieve file system path. Assuming '#{path}'")
     end
 
@@ -103,7 +104,7 @@ def exploit
       table_prefix = "#{prefixes.flatten.last}"
       print_good("#{peer} - Found table name prefix: #{table_prefix}")
     else
-      table_prefix = 'kimai_'
+      table_prefix = normalize_uri(datastore['FALLBACK_TABLE_PREFIX'], target_uri.path)
       print_warning("#{peer} - Could not retrieve MySQL table name prefix. Assuming '#{table_prefix}'")
     end
 
