adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Land #14222, Update php_fpm_rce.rb to replace depreciated URI.encode calls with Rex::Text::uri_encode

Browse Source
This commit is contained in:
Grant Willcox
2020-11-04 14:04:28 -06:00
parent 641ae93731 a1164dbe9e
commit d50ac2972d
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/multi/http/php_fpm_rce.rb
+2 -2
View File
@@ -126,8 +126,8 @@ class MetasploitModule < Msf::Exploit::Remote
end
def send_crafted_request(path:, qsl: datastore['MinQSL'], customh_length: 1, cmd: '', allow_retry: true)
uri = URI.encode(normalize_uri(target_uri.path, path)).gsub(/([?&])/, {'?'=>'%3F', '&'=>'%26'})
qsl_delta = uri.length - path.length - URI.encode(target_uri.path).length
uri = CGI.escape(normalize_uri(target_uri.path, path)).gsub(/([?&])/, {'?'=>'%3F', '&'=>'%26'})
qsl_delta = uri.length - path.length - CGI.escape(target_uri.path).length
if qsl_delta.odd?
fail_with Failure::Unknown, "Got odd qslDelta, that means the URL encoding gone wrong: path=#{path}, qsl_delta=#{qsl_delta}"
end