update description

bug/bundler_fix
Christian Mehlmauer 2015-12-16 06:42:41 +01:00
parent d4ade7a1fd
commit 2e54cd2ca7
No known key found for this signature in database
GPG Key ID: DCF54A05D6E62591
1 changed files with 5 additions and 2 deletions


@ -17,7 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote
Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5 to 3.4. Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5 to 3.4.
By storing user supplied headers in the databases session table it's possible to truncate the input By storing user supplied headers in the databases session table it's possible to truncate the input
by sending an UTF-8 character. The custom created payload is then executed once the session is read by sending an UTF-8 character. The custom created payload is then executed once the session is read
from the databse from the databse. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13.
In later versions the deserialisation of invalid session data stops on the first error and the
exploit will not work.
}, },
'Author' => 'Author' =>
[ [
@ -32,7 +34,8 @@ class Metasploit3 < Msf::Exploit::Remote
['URL', 'https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html'], ['URL', 'https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html'],
['URL', 'https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html'], ['URL', 'https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html'],
['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F11330'], ['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F11330'],
['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.freebuf.com%2Fvuls%2F89754.html'] ['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.freebuf.com%2Fvuls%2F89754.html'],
['URL', 'https://bugs.php.net/bug.php?id=70219']
], ],
'Privileged' => false, 'Privileged' => false,
'Platform' => 'php', 'Platform' => 'php',
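Review bot: The added PHP-version sentence in the first hunk is ambiguous and carries over the typo `databse`. As written, "before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13" can be read as a single threshold list, whereas it presumably means a separate cut-off per release branch; anyone using this text to decide whether a host is exposed or already protected needs that spelled out. Suggested wording: `from the database. PHP must also be older than 5.4.45 (which includes 5.3.x), or 5.5.x before 5.5.29, or 5.6.x before 5.6.13.` The description string and the surrounding info hash start and end outside the visible hunks, so the rest of the text was not reviewed.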