Merge branch 'java_0day_refs' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-java_0day_refs

Conflicts: modules/exploits/multi/browser/java_jre17_jmxbean.rb
2013-01-11 01:33:11 -06:00 · 2013-01-11 01:33:11 -06:00 · 23ef8280be
parent 6471a70053 2c05af721c
commit 23ef8280be
6 changed files with 13 additions and 11 deletions
--- a/data/exploits/cve-2013-0422/B.class
+++ b/data/exploits/cve-2013-0422/B.class
--- a/data/exploits/cve-2013-0422/Exploit.class
+++ b/data/exploits/cve-2013-0422/Exploit.class
--- a/external/source/exploits/cve-2013-0422/B.java
+++ b/external/source/exploits/cve-2013-0422/B.java
--- a/external/source/exploits/cve-2013-0422/Exploit.java
+++ b/external/source/exploits/cve-2013-0422/Exploit.java
--- a/external/source/exploits/cve-2013-0422/Makefile
+++ b/external/source/exploits/cve-2013-0422/Makefile
@ -11,8 +11,8 @@ CLASSES = \
 all: $(CLASSES:.java=.class)

 install:
-	mv Exploit.class ../../../../data/exploits/j7u10_jmx/
-	mv B.class ../../../../data/exploits/j7u10_jmx/
+	mv Exploit.class ../../../../data/exploits/cve-2013-0422/
+	mv B.class ../../../../data/exploits/cve-2013-0422/

 clean:
 	rm -rf *.class
--- a/modules/exploits/multi/browser/java_jre17_jmxbean.rb
+++ b/modules/exploits/multi/browser/java_jre17_jmxbean.rb
@ -27,15 +27,17 @@ class Metasploit3 < Msf::Exploit::Remote
 				vulnerability affects Java version 7u10 and earlier.
 			},
 			'License'       => MSF_LICENSE,
-			'Author'        => [
-				'Unknown', # Vulnerability discovery
-				'egypt', # Metasploit module
-				'sinn3r', # Metasploit module
-				'juan vazquez' # Metasploit module
-			],
+			'Author'        =>
+				[
+					'Unknown', # Vulnerability discovery
+					'egypt', # Metasploit module
+					'sinn3r', # Metasploit module
+					'juan vazquez' # Metasploit module
+				],
 			'References'    =>
 				[
 					[ 'CVE', '2013-0422' ],
+					[ 'US-CERT-VU', '625617' ],
 					[ 'URL', 'http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html' ],
 					[ 'URL', 'http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/' ]
 				],
@ -70,14 +72,14 @@ class Metasploit3 < Msf::Exploit::Remote
 				],
 			'DefaultTarget'  => 0,
 			'DisclosureDate' => 'Jan 10 2013'
-			))
+		))
 	end


 	def setup
-		path = File.join(Msf::Config.install_root, "data", "exploits", "j7u10_jmx", "Exploit.class")
+		path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0422", "Exploit.class")
 		@exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
-		path = File.join(Msf::Config.install_root, "data", "exploits", "j7u10_jmx", "B.class")
+		path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0422", "B.class")
 		@loader_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }

 		@exploit_class_name = rand_text_alpha("Exploit".length)