Fix #3914 - Inconsistent unicode names
parent
10dc6ed2fe
commit
1e2d860ae1
|
@ -676,6 +676,16 @@ module Exploit::Remote::HttpServer::HTML
|
||||||
|
|
||||||
include Msf::Exploit::Remote::HttpServer
|
include Msf::Exploit::Remote::HttpServer
|
||||||
|
|
||||||
|
UTF_NONE = 'none'
|
||||||
|
UTF_7 = 'utf-7'
|
||||||
|
UTF_7_ALL = 'utf-7-all'
|
||||||
|
UTF_8 = 'utf-8'
|
||||||
|
UTF_16_LE = 'utf-16le'
|
||||||
|
UTF_16_BE = 'utf-16be'
|
||||||
|
UTF_16_BE_MARKER = 'utf-16be-marker'
|
||||||
|
UTF_32_LE = 'utf-32le'
|
||||||
|
UTF_32_BE = 'utf-32be'
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
|
@ -687,7 +697,7 @@ protected
|
||||||
# most browsers. as such, they are not added by default. The
|
# most browsers. as such, they are not added by default. The
|
||||||
# mixin supports encoding using them, however they are not
|
# mixin supports encoding using them, however they are not
|
||||||
# listed in the Option.
|
# listed in the Option.
|
||||||
OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]),
|
OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', UTF_NONE, [UTF_NONE, UTF_16_LE, UTF_16_BE, UTF_16_BE_MARKER, UTF_32_LE, UTF_32_BE]]),
|
||||||
OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object (IE not supported)', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]),
|
OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object (IE not supported)', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]),
|
||||||
OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]),
|
OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]),
|
||||||
], Exploit::Remote::HttpServer::HTML)
|
], Exploit::Remote::HttpServer::HTML)
|
||||||
|
@ -881,19 +891,19 @@ protected
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
if ['utf-16le','utf-16be','utf32-le','utf32-be','utf-7','utf-8'].include?(datastore['HTML::unicode'])
|
if [UTF_16_LE,UTF_16_BE,UTF_32_LE,UTF_32_BE,UTF_7,UTF_8].include?(datastore['HTML::unicode'])
|
||||||
headers['Content-Type'] = 'text/html; charset= ' + datastore['HTML::unicode']
|
headers['Content-Type'] = 'text/html; charset= ' + datastore['HTML::unicode']
|
||||||
body = Rex::Text.to_unicode(body, datastore['HTML::unicode'])
|
body = Rex::Text.to_unicode(body, datastore['HTML::unicode'])
|
||||||
else
|
else
|
||||||
# special cases
|
# special cases
|
||||||
case datastore['HTML::unicode']
|
case datastore['HTML::unicode']
|
||||||
when 'utf-16be-marker'
|
when UTF_16_BE_MARKER
|
||||||
headers['Content-Type'] = 'text/html'
|
headers['Content-Type'] = 'text/html'
|
||||||
body = "\xFE\xFF" + Rex::Text.to_unicode(body, 'utf-16be')
|
body = "\xFE\xFF" + Rex::Text.to_unicode(body, UTF_16_BE)
|
||||||
when 'utf-7-all'
|
when UTF_7_ALL
|
||||||
headers['Content-Type'] = 'text/html; charset=utf-7'
|
headers['Content-Type'] = "text/html; charset=#{UTF_7}"
|
||||||
body = Rex::Text.to_unicode(body, 'utf-7', 'all')
|
body = Rex::Text.to_unicode(body, UTF_7, 'all')
|
||||||
when 'none'
|
when UTF_NONE
|
||||||
# do nothing
|
# do nothing
|
||||||
else
|
else
|
||||||
raise RuntimeError, 'Invalid unicode. how did you get here?'
|
raise RuntimeError, 'Invalid unicode. how did you get here?'
|
||||||
|
|
Loading…
Reference in New Issue