Remove unneeded require

master
Ziconius 2019-02-11 11:24:04 -05:00
parent 08e1f86390
commit b49b7ca9db
1 changed files with 9 additions and 12 deletions


@ -3,8 +3,6 @@
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'uri'
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
@ -15,17 +13,16 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Webmin 1.900 - Remote Command Execution',
'Description' => %q(
This module exploits an arbitrary command execution vulnerability in Webmin
This module exploits an arbitrary command execution vulnerability in Webmin
1.900 and lower versions. Any user authorized to the "Java file manager"
and "Upload and Download" fields, to execute arbitrary commands with root privileges.
In addition, "Running Processes" field must be authorized to discover the directory to be uploaded.
A vulnerable file can be printed on the original files of the Webmin application.
The vulberable file we are uploading should be integrated with the application.
Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used.
The module has been tested successfully with Webmin 1900 over Debia'cookie' => "redirect=1; testing=1; sid=#{session}"n 4.9.18.
Update: The update to this module allows the user to set 'GUESSUPLOAD' to true, which will attempt
to upload the files to known default locations. This removes 'proc' permission requirement, meaning
attackers only need 'file' and 'updown' permissions.
In addition, if the 'Running Processes' (proc) privilege is set the user can
accurately determine directory upload to. Webmin application files can be
written/overwritten, thus allowing RCE root. The module has been tested
successfully with Webmin 1900 over Debia'cookie' "redirect=1; testing=1;
sid=#{session}"n 4.9.18.
Using GUESSUPLOAD attempts to use a default installation path in order to trigger the
exploit.
),
'Author' => [
'AkkuS <Özkan Mustafa Akkuş>', # Vulnerability Discovery, Initial PoC module
@ -57,7 +54,7 @@ class MetasploitModule < Msf::Exploit::Remote
[
Opt::RPORT(10000),
OptBool.new('SSL', [true, 'Use SSL', true]),
OptBool.new('GUESSUPLOAD', [true, "If the 'Running Process' permission is not given to the user guess the path.", false]),
OptBool.new('GUESSUPLOAD', [true, "If no 'proc' permissions exists use default path.", false]),
OptString.new('USERNAME', [true, 'Webmin Username']),
OptString.new('PASSWORD', [true, 'Webmin Password'])
], self.class
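Review bot: The reflowed 'Description' text still has a stray paste splitting the word "Debian": the new lines read `successfully with Webmin 1900 over Debia'cookie' "redirect=1; testing=1;` and `sid=#{session}"n 4.9.18.`. Because the text sits inside `%q(...)`, nothing is interpolated and the fragment is shown verbatim in the module info, which obscures the tested-platform statement that defenders rely on when assessing exposure. The sentence should read `successfully with Webmin 1900 over Debian 4.9.18.` ("1900" presumably means 1.900, to be confirmed by the author). The commit title covers only the `require 'uri'` removal, yet the description and the GUESSUPLOAD help text change as well, so the message should mention them. The class body continues outside these hunks, so whether `URI` is still referenced after the require is dropped cannot be confirmed from here.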