Fixing cisco_ios_auth_bypass.rb to not try to include its own references on vuln_report. Just trust the given module references.

git-svn-id: file:///home/svn/framework3/trunk@11695 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-02 17:06:40 +00:00 · 2011-02-02 17:06:40 +00:00 · cec851a5ed
parent d7f291e41b
commit cec851a5ed
1 changed files with 2 additions and 8 deletions
--- a/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb
+++ b/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb
@ -62,15 +62,9 @@ class Metasploit3 < Msf::Auxiliary
 				report_vuln(
 					:host	=> rhost,
 					:port	=> rport,
+					:proto  => 'tcp',
 					:name	=> 'IOS-HTTP-AUTH-BYPASS',
-					:info	=> "http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR",
-					:refs   =>
-					[
-						[ 'BID', '2936'],
-						[ 'CVE', '2001-0537'],
-						[ 'URL', 'http://www.cisco.com/warp/public/707/cisco-sa-20010627-ios-http-level.shtml'],
-						[ 'OSVDB', '578' ],
-					]
+					:data	=> "http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR",
 				)
 				
 				res = send_request_cgi({