From a228e42630c8e8d87326c5ff39ab01088a92ddaa Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 15 Aug 2012 16:06:09 -0500 Subject: [PATCH] Add new target thanks for cabetux --- .../linux/misc/hp_data_protector_cmd_exec.rb | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb b/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb index 72fd8f8f58..a33bf6ac0b 100644 --- a/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb +++ b/modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb @@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'HP Data Protector 6.1 EXEC_CMD Remote Code Execution', + 'Name' => 'HP Data Protector 6 EXEC_CMD Remote Code Execution', 'Description' => %q{ This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD @@ -23,9 +23,10 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ - 'ch0ks', # poc - 'c4an', # msf poc - 'wireghoul' # Improved msf + 'ch0ks', # poc + 'c4an', # msf poc + 'wireghoul', # Improved msf + 'Javier Ignacio' #Verified on A06.20 ], 'References' => [ @@ -33,7 +34,8 @@ class Metasploit3 < Msf::Exploit::Remote [ 'OSVDB', '72526'], [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-055/'], [ 'URL', 'http://c4an-dl.blogspot.com/hp-data-protector-vuln.html'], - [ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux'] + [ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux'], + [ 'URL', 'https://community.rapid7.com/thread/2253' ] ], 'DisclosureDate' => 'Feb 7 2011', 'Platform' => [ 'unix','linux'], @@ -46,7 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Targets' => [ - [ 'HP Data Protector 6.10/6.11 on Linux', {}] + [ 'HP Data Protector 6.10/6.11/6.20 on Linux', {}] ], 'DefaultTarget' => 0 ))