From bedf010676fcc59b913a27f8d0fd1db8c34fe575 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Fri, 18 May 2012 01:23:09 +0200
Subject: [PATCH] description modified
---
 .../exploits/windows/http/bea_weblogic_post_bof.rb | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/modules/exploits/windows/http/bea_weblogic_post_bof.rb b/modules/exploits/windows/http/bea_weblogic_post_bof.rb
index bc9dea0bc4..a93ac8562e 100644
--- a/modules/exploits/windows/http/bea_weblogic_post_bof.rb
+++ b/modules/exploits/windows/http/bea_weblogic_post_bof.rb
@@ -22,14 +22,12 @@ class Metasploit3 < Msf::Exploit::Remote
 Weblogic Apache plugin.
 
 The connector fails to properly handle specially crafted HTTP POST
- requests resulting in a buffer overflow due to the insecure usage
- of sprintf.
-
- The Weblogic Apache plugin version is fingerprinted with a POST
- request containing a specially crafted Transfer-Encoding header.
-
- At this moment this module works over Windows systems without DEP
+ requests, resulting a buffer overflow due to the insecure usage
+ of sprintf. Currently, this module works over Windows systems without DEP,
 and has been tested with Windows 2000 / XP.
+
+ In addition, the Weblogic Apache plugin version is fingerprinted with a POST
+ request containing a specially crafted Transfer-Encoding header.
 },
 'Author' =>
 [
@@ -155,7 +153,7 @@ class Metasploit3 < Msf::Exploit::Remote
 {
 'method' => 'POST',
 'uri' => target_uri.path,
- 'headers' =>
+ 'headers' =>
 {
 'Transfer-Encoding' => my_data
 },
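Review bot: The first added line of the description hunk drops a preposition that the removed line had: `requests, resulting a buffer overflow due to the insecure usage` should read `requests, resulting in a buffer overflow due to the insecure usage`. In the next added line, `works over Windows systems without DEP,` would read more naturally as `works on Windows systems without DEP,`. This text is the module's 'Description' string, which starts before the hunk, so only the visible lines were checked. The second hunk appears to change only trailing whitespace on the `'headers' =>` line and needs no comment.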