Metasploit Array Handling
When developing an exploit for OpenNetAdmin, more than one value had to be sent with the same parameter.
    vars_post = {
      'xajax' => 'window_submit',
      # The same key is repeated three times here
      'xajaxargs[]' => 'tooltips',
      'xajaxargs[]' => "ip%3D%3E;#{filter_bad_chars(cmd)};",
      'xajaxargs[]' => 'ping'
    }
However, vars_post in Metasploit is received as a Ruby hash, where a repeated key keeps only its last value, so trying to send the values as above produced an error. The request that was sent looked like this:

    xajax=window_submit&xajaxargs%5B%5D=ping

With the change I made in the client_request.rb file, array handling support was added to POST requests.
    opts['vars_post'].each_pair do |var, val|
      var = var.to_s
      # Wrap a single value so scalars and arrays share the same loop
      unless val.is_a?(Array)
        val = [val]
      end
      # Emit one var=value pair per element, joined with '&'
      val.each do |v|
        v = v.to_s
        pstr << '&' if pstr.length > 0
        pstr << (opts['encode_params'] ? set_encode_uri(var) : var)
        pstr << '='
        pstr << (opts['encode_params'] ? set_encode_uri(v) : v)
      end
    end
Metasploit now accepts multiple values for the same parameter when they are passed as an array, as below.
    vars_post = {
      'xajax' => 'window_submit',
      # One key, all three values in order
      'xajaxargs[]' => ['tooltips', "ip=>;#{cmd};", 'ping']
    }
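The collapse of repeated hash keys and the effect of the array form can be reproduced outside the framework. The following is an added example, not code from Metasploit or from the original post: `build_post_body` and `received_args` are hypothetical helpers, `URI.encode_www_form_component` stands in for `set_encode_uri`, and the values are constructed, harmless placeholders.

```ruby
require 'uri'

# Constructed sample fields; the third xajaxargs[] value is a placeholder.
PAIRS = [
  ['xajax', 'window_submit'],
  ['xajaxargs[]', 'tooltips'],
  ['xajaxargs[]', 'ip=>placeholder'],
  ['xajaxargs[]', 'ping']
].freeze

# Hypothetical stand-alone version of the array-aware loop: a scalar is
# wrapped in a one-element array so every value takes the same path.
def build_post_body(vars, encode: true)
  enc = ->(s) { encode ? URI.encode_www_form_component(s) : s }
  vars.flat_map do |var, val|
    vals = val.is_a?(Array) ? val : [val]
    vals.map { |v| "#{enc.call(var.to_s)}=#{enc.call(v.to_s)}" }
  end.join('&')
end

# Turning the pairs into a Hash behaves like a hash literal with repeated
# keys: only the last value per key survives.
def collapsed_body
  build_post_body(PAIRS.to_h)
end

# One key carrying an array keeps every value, in order.
def array_body
  vars = { 'xajax' => 'window_submit',
           'xajaxargs[]' => ['tooltips', 'ip=>placeholder', 'ping'] }
  build_post_body(vars)
end

# What a form decoder on the receiving side recovers for xajaxargs[].
def received_args(body)
  URI.decode_www_form(body).select { |k, _| k == 'xajaxargs[]' }.map(&:last)
end

if __FILE__ == $PROGRAM_NAME
  puts collapsed_body
  puts array_body
  p received_args(array_body)
end
```
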