infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Imply authentication when a password is set

bug/bundler_fix
Tod Beardsley 2013-10-04 09:54:04 -05:00
parent 0112d6253c
commit ab786d1466
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
modules/exploits/multi/http/gestioip_exec.rb
View File

@ -17,7 +17,9 @@ class Metasploit4 < Msf::Exploit::Remote
'Name' => 'GestioIP Remote Command Execution',
'Description' => %q{
This module exploits a command injection flaw to create a shell script
on the FS and execute it.
on the filesystem and execute it. If GestioIP is configured to use no authentication,
no password is required to exploit the vulnerability. Otherwise, an authenticated
user is required to exploit.
},
'License' => MSF_LICENSE,
'Author' =>
@ -44,8 +46,7 @@ class Metasploit4 < Msf::Exploit::Remote
[
OptString.new('URI', [true, 'URI', '/gestioip/']),
OptString.new('USERNAME', [false, 'The username to auth as', 'gipadmin']),
OptString.new('PASSWORD', [false, 'The password to auth with', 'password']),
OptBool.new('USE_AUTH', [true, 'Whether to attempt basic authentication or not', false])
OptString.new('PASSWORD', [false, 'The password to auth with', nil])
], self.class)
end
@ -62,7 +63,7 @@ class Metasploit4 < Msf::Exploit::Remote
end
def use_auth
datastore['USE_AUTH']
!(pass.nil? or pass.empty?)
end
def exploit