Fix #3974 - Validate and normalize URI for axis_login

bug/bundler_fix
sinn3r 2014-10-09 14:33:39 -05:00
parent a535d236f6
commit 7d8eadada6
1 changed files with 5 additions and 3 deletions


@ -40,21 +40,23 @@ class Metasploit3 < Msf::Auxiliary
register_options( [
Opt::RPORT(8080),
OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
OptString.new('TARGETURI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
], self.class)
end
# For print_* methods
def target_url
"http://#{vhost}:#{rport}#{datastore['URI']}"
end
def run_host(ip)
uri = normalize_uri(target_uri.path)
print_status("Verifying login exists at #{target_url}")
begin
send_request_cgi({
'method' => 'GET',
'uri' => datastore['URI']
'uri' => uri
}, 20)
rescue
print_error("The Axis2 login page does not exist at #{target_url}")
@ -78,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary
scanner = Metasploit::Framework::LoginScanner::Axis2.new(
host: ip,
port: rport,
uri: datastore['URI'],
uri: uri,
proxies: datastore["PROXIES"],
cred_details: cred_collection,
stop_on_success: datastore['STOP_ON_SUCCESS'],
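Review bot: `target_url` still interpolates `datastore['URI']`, but the registered option is now `TARGETURI`. Unless `URI` is registered somewhere outside this view, that lookup returns nil and the `print_status` / `print_error` lines in `run_host` will show only host and port, without the path. The request and the login scanner use the normalized `uri`, so the operator-facing log would no longer record which path was actually tested. I would build the message from the same value, e.g. `"http://#{vhost}:#{rport}#{normalize_uri(target_uri.path)}"`. The second hunk relies on the local `uri` assigned at the top of `run_host`; the code between the two hunks is not shown, so confirm the scanner is constructed inside that method.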