Clean up traq_plugin_exec

bug/bundler_fix
g0tmi1k 2015-03-20 01:19:46 +00:00
parent 72794e4c1a
commit 5709d49aae
1 changed files with 4 additions and 5 deletions

@ -17,12 +17,11 @@ class Metasploit3 < Msf::Exploit::Remote
This module exploits an arbitrary command execution vulnerability in This module exploits an arbitrary command execution vulnerability in
Traq 2.0 to 2.3. It's in the admincp/common.php script. Traq 2.0 to 2.3. It's in the admincp/common.php script.
This function is called in each script located into /admicp/ directory to This function is called in each script located in the /admicp/ directory to
make sure the user has admin rights, but this is a broken authorization make sure the user has admin rights, but this is a broken authorization
schema due to the header() function doesn't stop the execution flow. This schema due to the header() function doesn't stop the execution flow.
can be exploited by malicious users to execute admin functionality resulting This can be exploited by malicious users to execute admin functionality.
for e.g. in execution of arbitrary PHP code leveraging of plugins.php e.g. execution of arbitrary PHP code leveraging of plugins.php functionality.
functionality.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>