Remove unneeded require

2019-02-11 11:24:04 -05:00 · 2019-02-11 11:24:04 -05:00 · b49b7ca9db
parent 08e1f86390
commit b49b7ca9db
1 changed files with 9 additions and 12 deletions
--- a/modules/exploits/unix/webapp/webmin_1900_rce.rb
+++ b/modules/exploits/unix/webapp/webmin_1900_rce.rb
@ -3,8 +3,6 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##

-require 'uri'
-
 class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

@ -18,14 +16,13 @@ class MetasploitModule < Msf::Exploit::Remote
        This module exploits an arbitrary command execution vulnerability in Webmin
        1.900 and lower versions. Any user authorized to the "Java file manager"
        and "Upload and Download" fields, to execute arbitrary commands with root privileges.
-        In addition, "Running Processes" field must be authorized to discover the directory to be uploaded.
-        A vulnerable file can be printed on the original files of the Webmin application.
-        The vulberable file we are uploading should be integrated with the application.
-        Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used.
-        The module has been tested successfully with Webmin 1900 over Debia'cookie' => "redirect=1; testing=1; sid=#{session}"n 4.9.18.
-        Update: The update to this module allows the user to set 'GUESSUPLOAD' to true, which will attempt
-        to upload the files to known default locations. This removes 'proc' permission requirement, meaning
-        attackers only need 'file' and 'updown' permissions.
+        In addition, if the 'Running Processes' (proc) privilege is set the user can
+        accurately determine directory upload to. Webmin application files can be
+        written/overwritten, thus allowing RCE root. The module has been tested
+        successfully with Webmin 1900 over Debia'cookie' "redirect=1; testing=1;
+        sid=#{session}"n 4.9.18.
+        Using GUESSUPLOAD attempts to use a default installation path in order to trigger the
+        exploit.
      ),
      'Author'         => [
        'AkkuS <Özkan Mustafa Akkuş>', # Vulnerability Discovery, Initial PoC module
@ -57,7 +54,7 @@ class MetasploitModule < Msf::Exploit::Remote
      [
        Opt::RPORT(10000),
        OptBool.new('SSL', [true, 'Use SSL', true]),
-        OptBool.new('GUESSUPLOAD', [true, "If the 'Running Process' permission is not given to the user guess the path.", false]),
+        OptBool.new('GUESSUPLOAD', [true, "If no 'proc' permissions exists use default path.", false]),
        OptString.new('USERNAME',  [true, 'Webmin Username']),
        OptString.new('PASSWORD',  [true, 'Webmin Password'])
      ], self.class