Added references and MSB to unicode bypass modules.

git-svn-id: file:///home/svn/framework3/trunk@6914 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Patrick Webster 2009-07-28 07:39:34 +00:00
parent 0b9412536c
commit 9080dd1f0d
2 changed files with 20 additions and 4 deletions

View File

@ -17,16 +17,24 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'MS09-XXX 0day IIS6 WebDAV Unicode Auth Bypass', 'Name' => 'MS09-020 IIS6 WebDAV Unicode Auth Bypass',
'Description' => %q{ 'Description' => %q{
Simplified version of MS09-XXX 0day IIS6 WebDAV Unicode Auth Bypass scanner. It attempts Simplified version of MS09-020 IIS6 WebDAV Unicode Auth Bypass scanner. It attempts
to bypass authentication using the WebDAV IIS6 Unicode vulnerability to bypass authentication using the WebDAV IIS6 Unicode vulnerability
discovered by Kingcope. The vulnerability appears to be exploitable discovered by Kingcope. The vulnerability appears to be exploitable
where WebDAV is enabled on the IIS6 server, and any protected folder where WebDAV is enabled on the IIS6 server, and any protected folder
requires either Basic, Digest or NTLM authentication. requires either Basic, Digest or NTLM authentication.
}, },
'Author' => [ 'patrick' ], 'Author' => [ 'et', 'patrick' ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' =>
[
[ 'MSB', 'MS09-020' ],
[ 'CVE', '2009-1535' ],
[ 'CVE', '2009-1122' ],
[ 'OSVDB', '54555' ],
[ 'BID', '34993' ],
],
'Version' => '$Revision: 6580 $')) 'Version' => '$Revision: 6580 $'))
register_options( register_options(

View File

@ -21,7 +21,7 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'MS09-XXX 0day IIS6 WebDAV Unicode Auth Bypass Directory Scanner', 'Name' => 'MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner',
'Description' => %q{ 'Description' => %q{
This module is based on et's HTTP Directory Scanner module, This module is based on et's HTTP Directory Scanner module,
with one exception. Where authentication is required, it attempts with one exception. Where authentication is required, it attempts
@ -32,6 +32,14 @@ class Metasploit3 < Msf::Auxiliary
}, },
'Author' => [ 'patrick' ], 'Author' => [ 'patrick' ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'References' =>
[
[ 'MSB', 'MS09-020' ],
[ 'CVE', '2009-1535' ],
[ 'CVE', '2009-1122' ],
[ 'OSVDB', '54555' ],
[ 'BID', '34993' ],
],
'Version' => '$Revision$')) 'Version' => '$Revision$'))
register_options( register_options(