Added references and MSB to unicode bypass modules.

git-svn-id: file:///home/svn/framework3/trunk@6914 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 07:39:34 +00:00 · 2009-07-28 07:39:34 +00:00 · 9080dd1f0d
parent 0b9412536c
commit 9080dd1f0d
2 changed files with 20 additions and 4 deletions
--- a/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb
+++ b/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb
@ -17,16 +17,24 @@ class Metasploit3 < Msf::Auxiliary

 	def initialize(info = {})
 		super(update_info(info,	
-			'Name'   		=> 'MS09-XXX 0day IIS6 WebDAV Unicode Auth Bypass',
+			'Name'   		=> 'MS09-020 IIS6 WebDAV Unicode Auth Bypass',
 			'Description'	=> %q{
-				Simplified version of MS09-XXX 0day IIS6 WebDAV Unicode Auth Bypass scanner. It attempts
+				Simplified version of MS09-020 IIS6 WebDAV Unicode Auth Bypass scanner. It attempts
 				to bypass authentication using the WebDAV IIS6 Unicode vulnerability
 				discovered by Kingcope. The vulnerability appears to be exploitable
 				where WebDAV is enabled on the IIS6 server, and any protected folder
 				requires either Basic, Digest or NTLM authentication.
 			},
-			'Author' 		=> [ 'patrick' ],
+			'Author' 		=> [ 'et', 'patrick' ],
 			'License'		=> MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'MSB', 'MS09-020' ],
+					[ 'CVE', '2009-1535' ],
+					[ 'CVE', '2009-1122' ],
+					[ 'OSVDB', '54555' ],
+					[ 'BID', '34993' ],
+				],
 			'Version'		=> '$Revision: 6580 $'))   
 			
 		register_options(
--- a/modules/auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass.rb
+++ b/modules/auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass.rb
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Auxiliary

 	def initialize(info = {})
 		super(update_info(info,	
-			'Name'   		=> 'MS09-XXX 0day IIS6 WebDAV Unicode Auth Bypass Directory Scanner',
+			'Name'   		=> 'MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner',
 			'Description'	=> %q{
 				This module is based on et's HTTP Directory Scanner module,
 				with one exception. Where authentication is required, it attempts
@ -32,6 +32,14 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author' 		=> [ 'patrick' ],
 			'License'		=> MSF_LICENSE,
+			'References'     =>
+				[
+					[ 'MSB', 'MS09-020' ],
+					[ 'CVE', '2009-1535' ],
+					[ 'CVE', '2009-1122' ],
+					[ 'OSVDB', '54555' ],
+					[ 'BID', '34993' ],
+				],
 			'Version'		=> '$Revision$'))   
 			
 		register_options(