Do more reporting
parent
5ef4cc2bb4
commit
c70e38a14e
|
@ -13,6 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Auxiliary::Report
|
||||
|
||||
def initialize(info={})
|
||||
super(update_info(info,
|
||||
|
@ -270,19 +271,28 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
end
|
||||
|
||||
def report_glassfish_version(banner)
|
||||
report_note(
|
||||
host: rhost,
|
||||
type: 'glassfish.banner',
|
||||
data: banner,
|
||||
update: :unique_data
|
||||
)
|
||||
end
|
||||
|
||||
#
|
||||
# Return GlassFish's edition (Open Source or Commercial) and version (2.x, 3.0, 3.1, 9.x) and
|
||||
# banner (ex: Sun Java System Application Server 9.x)
|
||||
#
|
||||
def get_version(res)
|
||||
#Extract banner from response
|
||||
# Extract banner from response
|
||||
banner = res.headers['Server']
|
||||
|
||||
#Default value for edition and glassfish version
|
||||
# Default value for edition and glassfish version
|
||||
edition = 'Commercial'
|
||||
version = 'Unknown'
|
||||
|
||||
#Set edition (Open Source or Commercial)
|
||||
# Set edition (Open Source or Commercial)
|
||||
p = /(Open Source|Sun GlassFish Enterprise Server|Sun Java System Application Server)/
|
||||
edition = 'Open Source' if banner =~ p
|
||||
|
||||
|
@ -301,6 +311,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Unsupported version: #{banner}")
|
||||
end
|
||||
|
||||
report_glassfish_version(banner)
|
||||
|
||||
return edition, version, banner
|
||||
end
|
||||
|
||||
|
@ -632,6 +644,18 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
)
|
||||
end
|
||||
|
||||
def report_auth_bypass(version)
|
||||
report_vuln(
|
||||
name: 'GlassFish HTTP Method Authentication Bypass',
|
||||
info: "The remote service has a vulnerable version of GlassFish (#{version}) that allows the " \
|
||||
'attacker to bypass authentication by sending an HTTP verb in lower-case.',
|
||||
host: rhost,
|
||||
port: rport,
|
||||
proto: 'tcp',
|
||||
refs: self.references
|
||||
)
|
||||
end
|
||||
|
||||
def try_glassfish_auth_bypass(version)
|
||||
sid = nil
|
||||
|
||||
|
@ -652,6 +676,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
end
|
||||
|
||||
report_auth_bypass(version) if sid
|
||||
|
||||
sid
|
||||
end
|
||||
|
||||
|
|
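Review bot: The new `report_glassfish_version(banner)` call near the end of `get_version` passes `res.headers['Server']` through unchecked, so a response without a Server header would hand `nil` to `report_note` as `data`; guard it with `report_glassfish_version(banner) if banner`. The note is also recorded against the host only, while `report_auth_bypass` in the same commit records `port: rport` and `proto: 'tcp'`. Adding `port: rport` to the `report_note` call would tie the banner to the service it came from, which matters when a host runs more than one HTTP service. The banner is a value chosen by the remote server, so anything that later renders or parses these notes should treat `data` as untrusted text. `get_version` starts in one hunk and ends in another, so any nil handling in the lines between them is not visible here.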