From b6edad1f1ddd97e1241815c5c4537aa703fea8d7 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Fri, 5 Apr 2013 11:04:43 +0200 Subject: [PATCH] fix DEPTH description and basename --- .../scanner/http/hp_imc_ictdownloadservlet_traversal.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb b/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb index 4f03de5176..1e308b45d4 100644 --- a/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb +++ b/modules/auxiliary/scanner/http/hp_imc_ictdownloadservlet_traversal.rb @@ -43,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary OptString.new('TARGETURI', [true, 'Path to HP Intelligent Management Center', '/imc']), OptString.new('FILEPATH', [true, 'The name of the file to download', '/boot.ini']), # By default files downloaded from C:\Program Files\iMC\client\web\apps\imc\tmp\ - OptInt.new('DEPTH', [true, 'Traversal depth if absolute is set to false', 7]) + OptInt.new('DEPTH', [true, 'Traversal depth', 7]) ], self.class) end @@ -60,6 +60,10 @@ class Metasploit3 < Msf::Auxiliary end end + def my_basename(filename) + return ::File.basename(filename.gsub(/\\/, "/")) + end + def run_host(ip) if not is_imc? @@ -83,7 +87,7 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 200 and res.headers['Content-Type'] and res.headers['Content-Type'] == "application/doc" contents = res.body - fname = File.basename(datastore['FILEPATH']) + fname = my_basename(datastore['FILEPATH']) path = store_loot( 'hp.imc.faultdownloadservlet', 'application/octet-stream',