infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

description modified

unstable
jvazquez-r7 2012-05-18 01:23:09 +02:00
parent e7f5bf132c
commit bedf010676
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/exploits/windows/http/bea_weblogic_post_bof.rb
View File

@ -22,14 +22,12 @@ class Metasploit3 < Msf::Exploit::Remote
Weblogic Apache plugin.
The connector fails to properly handle specially crafted HTTP POST
requests resulting in a buffer overflow due to the insecure usage
of sprintf.
The Weblogic Apache plugin version is fingerprinted with a POST
request containing a specially crafted Transfer-Encoding header.
At this moment this module works over Windows systems without DEP
requests, resulting a buffer overflow due to the insecure usage
of sprintf. Currently, this module works over Windows systems without DEP,
and has been tested with Windows 2000 / XP.
In addition, the Weblogic Apache plugin version is fingerprinted with a POST
request containing a specially crafted Transfer-Encoding header.
},
'Author' =>
[
@ -155,7 +153,7 @@ class Metasploit3 < Msf::Exploit::Remote
{
'method' => 'POST',
'uri' => target_uri.path,
'headers' =>
'headers' =>
{
'Transfer-Encoding' => my_data
},