Land #11769, make sure Notes fields show up in `info`
commit
470255cb2b
|
@ -286,8 +286,8 @@ class ReadableText
|
|||
# References
|
||||
output << dump_references(mod, indent)
|
||||
|
||||
# AKA
|
||||
output << dump_aka(mod, indent)
|
||||
# Notes
|
||||
output << dump_notes(mod, indent)
|
||||
|
||||
return output
|
||||
|
||||
|
@ -341,8 +341,8 @@ class ReadableText
|
|||
# References
|
||||
output << dump_references(mod, indent)
|
||||
|
||||
# AKA
|
||||
output << dump_aka(mod, indent)
|
||||
# Notes
|
||||
output << dump_notes(mod, indent)
|
||||
|
||||
return output
|
||||
end
|
||||
|
@ -401,8 +401,8 @@ class ReadableText
|
|||
# References
|
||||
output << dump_references(mod, indent)
|
||||
|
||||
# AKA
|
||||
output << dump_aka(mod, indent)
|
||||
# Notes
|
||||
output << dump_notes(mod, indent)
|
||||
|
||||
return output
|
||||
end
|
||||
|
@ -668,19 +668,42 @@ class ReadableText
|
|||
output
|
||||
end
|
||||
|
||||
# Dumps the aka names associated with the supplied module.
|
||||
# Dumps the notes associated with the supplied module.
|
||||
#
|
||||
# @param mod [Msf::Module] the module.
|
||||
# @param indent [String] the indentation to use.
|
||||
# @return [String] the string form of the information.
|
||||
def self.dump_aka(mod, indent = '')
|
||||
def self.dump_notes(mod, indent = '')
|
||||
output = ''
|
||||
|
||||
if mod.notes['AKA'].present?
|
||||
output << "AKA:\n"
|
||||
mod.notes.each do |name, val|
|
||||
next unless val.present?
|
||||
|
||||
mod.notes['AKA'].each do |aka_name|
|
||||
output << indent + aka_name + "\n"
|
||||
case name
|
||||
when 'AKA'
|
||||
output << "Also known as:\n"
|
||||
val.each { |aka| output << "#{indent}#{aka}\n" }
|
||||
when 'NOCVE'
|
||||
output << "CVE not available:\n" \
|
||||
"#{indent}#{val}\n"
|
||||
when 'RelatedModules'
|
||||
output << "Related modules:\n"
|
||||
val.each { |related| output << "#{indent}#{related}\n" }
|
||||
when 'Stability', 'SideEffects', 'Reliability'
|
||||
# Handled by dump_traits
|
||||
next
|
||||
else
|
||||
output << "#{name}:\n"
|
||||
|
||||
case val
|
||||
when Array
|
||||
val.each { |v| output << "#{indent}#{v}\n" }
|
||||
when Hash
|
||||
val.each { |k, v| output << "#{indent}#{k}: #{v}\n" }
|
||||
else
|
||||
# Display the raw note
|
||||
output << "#{indent}#{val}\n"
|
||||
end
|
||||
end
|
||||
|
||||
output << "\n"
|
||||
|
|
|
@ -59,10 +59,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
],
|
||||
'DefaultTarget' => 1,
|
||||
'Notes' => {
|
||||
'NOCVE' => 'Patched in 2.00.8643 without vendor disclosure',
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [ARTIFACTS_ON_DISK],
|
||||
'Reliablity' => [REPEATABLE_SESSION],
|
||||
'NOCVE' => 'Patched in 2.00.8643'
|
||||
'Reliability' => [REPEATABLE_SESSION]
|
||||
}
|
||||
))
|
||||
|
||||
|
|
|
@ -22,12 +22,7 @@ class MetasploitModule < Msf::Exploit
|
|||
arbitrary commands by handling a failed restore (grestore) in
|
||||
PostScript to disable LockSafetyParams and avoid invalidaccess.
|
||||
|
||||
This vulnerability is reachable via libraries such as ImageMagick,
|
||||
and this module provides the latest vector for Ghostscript.
|
||||
|
||||
For previous Ghostscript vectors, please see the following modules:
|
||||
exploit/unix/fileformat/ghostscript_type_confusion
|
||||
exploit/unix/fileformat/imagemagick_delegate
|
||||
This vulnerability is reachable via libraries such as ImageMagick.
|
||||
},
|
||||
'Author' => [
|
||||
'Tavis Ormandy', # Vuln discovery and exploit
|
||||
|
@ -48,7 +43,10 @@ class MetasploitModule < Msf::Exploit
|
|||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Type' => :unix_memory,
|
||||
'Payload' => {'Space' => 4089, 'DisableNops' => true} # 4096 total
|
||||
'Payload' => {
|
||||
'Space' => 4089, # 4096 total
|
||||
'DisableNops' => true
|
||||
}
|
||||
],
|
||||
['PowerShell (In-Memory)',
|
||||
'Platform' => 'win',
|
||||
|
@ -61,7 +59,13 @@ class MetasploitModule < Msf::Exploit
|
|||
'Type' => :linux_dropper
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 0
|
||||
'DefaultTarget' => 0,
|
||||
'Notes' => {
|
||||
'RelatedModules' => [
|
||||
'exploit/unix/fileformat/ghostscript_type_confusion',
|
||||
'exploit/unix/fileformat/imagemagick_delegate'
|
||||
]
|
||||
}
|
||||
))
|
||||
|
||||
register_options([
|
||||
|
|
|
@ -16,9 +16,6 @@ class MetasploitModule < Msf::Exploit
|
|||
be exploited to obtain arbitrary command execution. This vulnerability affects
|
||||
Ghostscript versions 9.21 and earlier and can be exploited through libraries
|
||||
such as ImageMagick and Pillow.
|
||||
|
||||
For more recent Ghostscript vectors, please see the following modules:
|
||||
exploit/multi/fileformat/ghostscript_failed_restore
|
||||
},
|
||||
'Author' => [
|
||||
'Atlassian Security Team', # Vulnerability discovery
|
||||
|
@ -44,7 +41,11 @@ class MetasploitModule < Msf::Exploit
|
|||
],
|
||||
'DefaultTarget' => 0,
|
||||
'Notes' => {
|
||||
'AKA' => [ 'ghostbutt' ]
|
||||
'AKA' => ['ghostbutt'],
|
||||
'RelatedModules' => [
|
||||
'exploit/multi/fileformat/ghostscript_failed_restore',
|
||||
'exploit/unix/fileformat/imagemagick_delegate'
|
||||
]
|
||||
}
|
||||
))
|
||||
|
||||
|
|
|
@ -25,10 +25,6 @@ class MetasploitModule < Msf::Exploit
|
|||
Ghostscript versions 9.18 and later are affected. This target is
|
||||
provided as is and will not be updated to track additional vulns.
|
||||
|
||||
For more recent Ghostscript vectors, please see the following modules:
|
||||
exploit/multi/fileformat/ghostscript_failed_restore
|
||||
exploit/unix/fileformat/ghostscript_type_confusion
|
||||
|
||||
If USE_POPEN is set to true, a |-prefixed command will be used for the
|
||||
exploit. No delegates are involved in this exploitation.
|
||||
},
|
||||
|
@ -63,7 +59,13 @@ class MetasploitModule < Msf::Exploit
|
|||
['PS file', template: 'msf.ps'] # PoC from taviso
|
||||
],
|
||||
'DefaultTarget' => 0,
|
||||
'Notes' => {'AKA' => ['ImageTragick']}
|
||||
'Notes' => {
|
||||
'AKA' => ['ImageTragick'],
|
||||
'RelatedModules' => [
|
||||
'exploit/unix/fileformat/ghostscript_type_confusion',
|
||||
'exploit/multi/fileformat/ghostscript_failed_restore'
|
||||
]
|
||||
}
|
||||
))
|
||||
|
||||
register_options([
|
||||
|
|
|
@ -67,10 +67,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
],
|
||||
'DefaultTarget' => 0,
|
||||
'Notes' => {
|
||||
'AKA' => ['SA-CORE-2019-003'],
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [IOC_IN_LOGS],
|
||||
'Reliablity' => [UNRELIABLE_SESSION], # When using the GET method
|
||||
'AKA' => ['SA-CORE-2019-003']
|
||||
'Reliability' => [UNRELIABLE_SESSION] # When using the GET method
|
||||
}
|
||||
))
|
||||
|
||||
|
|
Loading…
Reference in New Issue