Land #2941, @todb-r7's release fix-up

2014-02-03 13:58:36 -06:00 · 2014-02-03 13:58:36 -06:00 · ab4f62c44e
parent d5709c51cc 7e2a9a7072
commit ab4f62c44e
5 changed files with 17 additions and 14 deletions
--- a/modules/auxiliary/gather/drupal_openid_xxe.rb
+++ b/modules/auxiliary/gather/drupal_openid_xxe.rb
@ -17,10 +17,11 @@ class Metasploit3 < Msf::Auxiliary
    super(update_info(info,
      'Name'           => 'Drupal OpenID External Entity Injection',
      'Description'    => %q{
-        This module abuses a XML External Entity Injection on the OpenID module
-        from Drupal. The vulnerability exists on the parsing of a malformed XRDS
-        file coming from a malicious OpenID endpoint. This module has been tested
-        successfully in Drupal 7.15 and 7.2 with the OpenID module enabled.
+        This module abuses an XML External Entity Injection
+        vulnerability on the OpenID module from Drupal. The vulnerability exists
+        in the parsing of a malformed XRDS file coming from a malicious OpenID
+        endpoint. This module has been tested successfully on Drupal 7.15 and
+        7.2 with the OpenID module enabled.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
@ -102,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
    res = send_openid_auth(signature)

    unless res
-      vprint_status("Connection timed out")
+      vprint_status("#{peer} - Connection timed out")
      return Exploit::CheckCode::Unknown
    end

@ -157,12 +158,12 @@ class Metasploit3 < Msf::Auxiliary

  def on_request_uri(cli, request)
    if request.uri =~ /#{@prefix}/
-      vprint_status("Signature found, parsing file...")
+      vprint_status("#{peer} - Signature found, parsing file...")
      @http_loot = parse_loot(request.uri)
      return
    end

-    print_status("Sending XRDS...")
+    print_status("#{peer} - Sending XRDS...")
    send_response_html(cli, xrds_file, { 'Content-Type' => 'application/xrds+xml' })
  end

--- a/modules/exploits/multi/http/struts_dev_mode.rb
+++ b/modules/exploits/multi/http/struts_dev_mode.rb
@ -13,13 +13,13 @@ class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
-      'Name'           => 'Apache Struts Developer Mode OGNL Execution',
+      'Name'           => 'Apache Struts 2 Developer Mode OGNL Execution',
      'Description'    => %q{
        This module exploits a remote command execution vulnerability in Apache
        Struts 2. The problem exists on applications running in developer mode,
        where the DebuggingInterceptor allows evaluation and execution of OGNL
        expressions, which allows remote attackers to execute arbitrary Java
-        code. This module has been tested successfully in Struts 2.3.16, Tomcat
+        code. This module has been tested successfully on Struts 2.3.16, Tomcat
        7 and Ubuntu 10.04.
      },
      'Author'         =>
--- a/modules/exploits/multi/http/tomcat_mgr_upload.rb
+++ b/modules/exploits/multi/http/tomcat_mgr_upload.rb
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
-      'Name'        => 'Apache Tomcat Manager Application Upload Authenticated Code Execution',
+      'Name'        => 'Apache Tomcat Manager Authenticated Upload Code Execution',
      'Description' => %q{
        This module can be used to execute a payload on Apache Tomcat servers that
        have an exposed "manager" application. The payload is uploaded as a WAR archive
@ -198,7 +198,7 @@ class Metasploit3 < Msf::Exploit::Remote
    res = send_request_raw('uri' => path)

    unless res and res.code == 200
-      vprint_error("Failed: Error requesting #{path}")
+      vprint_error("#{peer} - Failed: Error requesting #{path}")
      return nil
    end

@ -372,7 +372,7 @@ class Metasploit3 < Msf::Exploit::Remote

    if res.code < 200 or res.code >= 300
      vprint_warning("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}") if res.code == 401
-      vprint_error("Upload failed on #{upload_path} [#{res.code} #{res.message}]")
+      vprint_error("#{peer} - Upload failed on #{upload_path} [#{res.code} #{res.message}]")
      return false
    end

@ -423,4 +423,4 @@ class Metasploit3 < Msf::Exploit::Remote
    return true
  end

-end
+end
--- a/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb
+++ b/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb
@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
    data.add_part(php, 'application/octet-stream', nil, "form-data; name=\"fileupload\"; filename=\"#{@fname}\"")
    post_data = data.to_s.gsub(/^\r\n--_Part_/, '--_Part_')

-    print_status("#{peer} - Uploading malicious file...")
+    print_status("#{peer} - Uploading PHP payload...")
    res = send_request_cgi({
      'method'   => 'POST',
      'uri'      => normalize_uri(target_uri.path, 'upload.php'),
--- a/modules/exploits/unix/webapp/skybluecanvas_exec.rb
+++ b/modules/exploits/unix/webapp/skybluecanvas_exec.rb
@ -76,6 +76,8 @@ class Metasploit3 < Msf::Exploit::Remote
  def exploit
    uri = normalize_uri(target_uri.path.to_s, "index.php")

+    vprint_status("#{peer} - Sending request to #{uri}.")
+
    send_request_cgi({
      'method'  => 'POST',
      'uri'     => uri,