infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

typos

bug/bundler_fix
Brandon Perry 2014-08-30 09:22:58 -05:00
parent f72cce9ff2
commit 438f0e6365
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/linux/http/railo_cfml_rfi.rb
View File

@ -16,11 +16,11 @@ class Metasploit4 < Msf::Exploit::Remote
'Name' => 'Railo Remote File Include',
'Description' => %q{
This module exploits a remote file include vulnerability in Railo,
tested against version 4.2.1. First, a call using a vulnerablea
<cffile> line in thumbnail.cfm allows an atacker to download an
arbitrary PNG file. By appending a .cfm, and taking advantage of
tested against version 4.2.1. First, a call using a vulnerable
<cffile> line in thumbnail.cfm allows an attacker to download an
arbitrary PNG file. By appending a .cfm and taking advantage of
a directory traversal, an attacker can append cold fusion markup
to the PNG file, and have it interpreted by the server. This is
to the PNG file and have it interpreted by the server. This is
used to stage and execute a fully-fledged payload.
},
'License' => MSF_LICENSE,