Responded to comments

rapid7 · Jan 15, 2025 · 2254a1f · 2254a1f
1 parent 18be9fc
commit 2254a1f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/documentation/modules/exploit/linux/http/craftcms_ftp_template.md b/documentation/modules/exploit/linux/http/craftcms_ftp_template.md
@@ -19,7 +19,7 @@ to inject and execute arbitrary PHP code on the server via crafted HTTP requests
 
 To test this exploit, follow these steps to set up a vulnerable Craft CMS environment.
 
-#### Non-Docker Setup
+#### Docker Setup
 
 Install a specific vulnerable version of Craft CMS:
 
@@ -67,7 +67,7 @@ ddev launch
 
 1. Start the vulnerable Craft CMS instance using the steps above.
 2. Launch `msfconsole`.
-3. Use the module: `use exploit/multi/http/craftcms_twig_rce`.
+3. Use the module: `use exploit/linux/http/craftcms_ftp_template`.
 4. Set `RHOSTS` to the target Craft CMS instance.
 5. Configure additional options (`TARGETURI`, `SSL`, etc.) as needed.
 6. Execute the exploit with the `run` command.

diff --git a/modules/exploits/linux/http/craftcms_ftp_template.rb b/modules/exploits/linux/http/craftcms_ftp_template.rb
@@ -29,6 +29,9 @@ def initialize(info = {})
           ['URL', 'https://github.com/Chocapikk/CVE-2024-56145'],
           ['URL', 'https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms']
         ],
+        'Payload' => {
+          'BadChars' => "\x22\x27" # " and '
+        },
         'License' => MSF_LICENSE,
         'Privileged' => false,
         'Platform' => %w[unix linux],