infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add requirement to description

bug/bundler_fix
jvazquez-r7 2014-12-12 11:42:45 -06:00
parent fd09b5c2f6
commit d01a07b1c7
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/exploits/unix/webapp/tuleap_unserialize_exec.rb
View File

@ -19,7 +19,8 @@ class Metasploit3 < Msf::Exploit::Remote
web server. The dangerous unserialize() call exists in the 'src/www/project/register.php'
file. The exploit abuses the destructor method from the Jabbex class in order to reach a
call_user_func_array() call in the Jabbex class and call the fetchPostActions() method from
the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call.
the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call. In
order to work, the target must have the 'sys_create_project_in_one_step' option disabled.
},
'License' => MSF_LICENSE,
'Author' => 'EgiX',