Land #5312, @todb-r7's release fixes
commit
134a674ef3
|
@ -16,13 +16,13 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service',
|
'Name' => 'MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module will check if your hosts are vulnerable to CVE-2015-1635 (MS15-034). A
|
This module will check if scanned hosts are vulnerable to CVE-2015-1635 (MS15-034), a
|
||||||
vulnerability in the HTTP Protocol stack (HTTP.sys) that could result in arbitrary code
|
vulnerability in the HTTP protocol stack (HTTP.sys) that could result in arbitrary code
|
||||||
execution. This module will try to cause a denial-of-service.
|
execution. This module will try to cause a denial-of-service.
|
||||||
|
|
||||||
Please note that you must supply a valid file resource for the TARGETURI option.
|
Please note that a valid file resource must be supplied for the TARGETURI option.
|
||||||
By default, IIS may come with these settings that you could try: iisstart.htm,
|
By default, IIS provides 'welcome.png' and 'iis-85.png' as resources.
|
||||||
welcome.png, iis-85.png, etc.
|
Others may also exist, depending on configuration options.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
|
|
@ -15,7 +15,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft',
|
'Name' => 'Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
A vulnerability exists in versions of OSX/iOS/Windows Safari released
|
A vulnerability exists in versions of OSX, iOS, and Windows Safari released
|
||||||
before April 8, 2015 that allows the non-HTTPOnly cookies of any
|
before April 8, 2015 that allows the non-HTTPOnly cookies of any
|
||||||
domain to be stolen.
|
domain to be stolen.
|
||||||
},
|
},
|
||||||
|
|
|
@ -16,7 +16,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'Name' => 'Java RMI Registry Interfaces Enumeration',
|
'Name' => 'Java RMI Registry Interfaces Enumeration',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module gathers information from an RMI endpoint running an RMI registry
|
This module gathers information from an RMI endpoint running an RMI registry
|
||||||
interface. It enumerates the names bound into a registry and lookups each
|
interface. It enumerates the names bound in a registry and looks up each
|
||||||
remote reference.
|
remote reference.
|
||||||
},
|
},
|
||||||
'Author' => ['juan vazquez'],
|
'Author' => ['juan vazquez'],
|
||||||
|
|
|
@ -404,7 +404,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'SSL Labs API Client',
|
'Name' => 'SSL Labs API Client',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module is a simple client for the SSL Labs APIs, designed for SSL/TLS assessment during a penetration testing.
|
This module is a simple client for the SSL Labs APIs, designed for
|
||||||
|
SSL/TLS assessment during a penetration test.
|
||||||
},
|
},
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Author' =>
|
'Author' =>
|
||||||
|
|
|
@ -15,8 +15,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Embedthis GoAhead Embedded Web Server Directory Traversal',
|
'Name' => 'Embedthis GoAhead Embedded Web Server Directory Traversal',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a directory traversal vulnerability in the Embedthis GoAhead Web Server v3.4.1,
|
This module exploits a directory traversal vulnerability in the Embedthis
|
||||||
allowing to read arbitrary files with the web server privileges.
|
GoAhead Web Server v3.4.1, allowing an attacker to read arbitrary files
|
||||||
|
with the web server privileges.
|
||||||
},
|
},
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
|
|
|
@ -14,7 +14,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
super(
|
super(
|
||||||
'Name' => 'Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure',
|
'Name' => 'Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
|
This module tests vulnerable IIS HTTP header file paths on Microsoft
|
||||||
|
Exchange OWA 2003 and CAS 2007, 2010, and 2013 servers.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a directory traversal vulnerability in WordPress Plugin
|
This module exploits a directory traversal vulnerability in WordPress Plugin
|
||||||
"WP Mobile Edition" version 2.2.7, allowing to read arbitrary files with the
|
"WP Mobile Edition" version 2.2.7, allowing to read arbitrary files with the
|
||||||
web server privileges. Stay tuned to the correct value in TARGETURI.
|
web server privileges.
|
||||||
},
|
},
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
|
|
|
@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a remote command injection vulnerability on several routers. The
|
This module exploits a remote command injection vulnerability on several routers. The
|
||||||
vulnerability exists in the ncc service, while handling ping commands. This module has
|
vulnerability exists in the ncc service, while handling ping commands. This module has
|
||||||
been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices
|
been tested on a DIR-626L emulated environment. Several D-Link and TRENDnet devices
|
||||||
are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L
|
are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L
|
||||||
(Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link
|
(Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link
|
||||||
DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A)
|
DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A)
|
||||||
|
|
|
@ -17,9 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'Name' => 'Wordpress SlideShow Gallery Authenticated File Upload',
|
'Name' => 'Wordpress SlideShow Gallery Authenticated File Upload',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
The Wordpress SlideShow Gallery plugin contains an authenticated file upload
|
The Wordpress SlideShow Gallery plugin contains an authenticated file upload
|
||||||
vulnerability. We can upload arbitrary files to the upload folder, because
|
vulnerability. An attacker can upload arbitrary files to the upload folder.
|
||||||
the plugin also uses it's own file upload mechanism instead of the wordpress
|
Since the plugin uses its own file upload mechanism instead of the WordPress
|
||||||
api it's possible to upload any file type.
|
API, it's possible to upload any file type.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
|
|
@ -35,7 +35,7 @@ class Metasploit3 < Msf::Exploit::Local
|
||||||
[
|
[
|
||||||
[ 'URL', 'https://msdn.microsoft.com/en-us/library/windows/desktop/ms682431' ]
|
[ 'URL', 'https://msdn.microsoft.com/en-us/library/windows/desktop/ms682431' ]
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Jan 01 1999' # Not valid but required by msftidy
|
'DisclosureDate' => 'Jan 01 1999' # Same as psexec -- a placeholder date for non-vuln 'exploits'
|
||||||
))
|
))
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
|
|
Loading…
Reference in New Issue