info updated with rails information

bug/bundler_fix
jvazquez-r7 2013-02-13 09:52:17 +01:00
parent f46eda2fa9
commit 0ae473b010
1 changed files with 6 additions and 2 deletions


@ -26,7 +26,10 @@ class Metasploit3 < Msf::Auxiliary
but these may require adjustment for implementations which customize them.
Affects Devise < v2.2.3, 2.1.3, 2.0.5 and 1.5.4 when backed by any database
except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4.
except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4 on Rails
3.2.11. Patch applied to Rails 3.2.12 should prevent exploitation of this
vulnerability, by quoting numeric values when comparing them with non numeric
values.
},
'Author' =>
[
@ -40,7 +43,8 @@ class Metasploit3 < Msf::Auxiliary
[ 'OSVDB', '89642' ],
[ 'BID', '57577' ],
[ 'URL', 'http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/'],
[ 'URL', 'http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html']
[ 'URL', 'http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html'],
[ 'URL', 'https://github.com/rails/rails/commit/921a296a3390192a71abeec6d9a035cc6d1865c8' ]
],
'DisclosureDate' => 'Jan 28 2013'
))
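Review bot: The sentence added to the description in the first hunk says the Rails 3.2.12 patch "should prevent exploitation", yet the same text records testing only on Rails 3.2.11, so the claim reads as unverified. Someone using this text to triage exposure could take the Rails upgrade as the remediation, while the affected-version line just above points to the Devise releases as the fix. I would state both facts plainly, for example `Tested with v2.2.2, 2.1.2, and 2.0.4 on Rails 3.2.11. Rails 3.2.12 quotes numeric values compared with non-numeric values, which is expected to block this (not verified here); upgrading Devise remains the fix.` This also hyphenates "non-numeric". The description string and the references array both begin outside the lines shown, so the surrounding wording could not be checked.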