From d913bf1c35efc37afa519bc01920cbfd07d5a6e8 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 8 Oct 2014 10:29:59 -0500 Subject: [PATCH] Fix metadata --- .../windows/http/http_file_server_exec.rb | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/modules/exploits/windows/http/http_file_server_exec.rb b/modules/exploits/windows/http/http_file_server_exec.rb index ffef4a75bb..8928e22086 100644 --- a/modules/exploits/windows/http/http_file_server_exec.rb +++ b/modules/exploits/windows/http/http_file_server_exec.rb @@ -15,11 +15,12 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info={}) super(update_info(info, - 'Name' => "HttpFileServer 2.3.x Remote Command Execution", + 'Name' => "HttpFileServer Remote Command Execution", 'Description' => %q{ - HFS is vulnerable to remote command execution attack due to a poor regex in the file - ParserLib.pas. This module exploit the HFS scripting commands by using '%00' to bypass - the filtering. + HttpFileServer (HFS) is vulnerable to remote command execution attack due to a poor regex + in the file ParserLib.pas. This module exploit the HFS scripting commands by using '%00' + to bypass the filtering. This module has been tested successfully on HFS 2.3b over Windows + XP SP3, Windows 7 SP1 and Windows 8. }, 'License' => MSF_LICENSE, 'Author' => @@ -29,17 +30,12 @@ class Metasploit3 < Msf::Exploit::Remote ], 'References' => [ - ['URL', 'http://seclists.org/bugtraq/2014/Sep/85'], - ['URL', 'http://www.rejetto.com/hfs/download'], - ['URL', 'http://www.rejetto.com/wiki/index.php?title=HFS:_scripting_commands'], ['CVE', '2014-6287'], ['OSVDB', '111386'], + ['URL', 'http://seclists.org/bugtraq/2014/Sep/85'], + ['URL', 'http://www.rejetto.com/wiki/index.php?title=HFS:_scripting_commands'] ], 'Payload' => { 'BadChars' => "\x0d\x0a\x00" }, - # Tested HFS 2.3b : - # - Windows XP (Build 2600, Service Pack 3). - # - Windows 7 (Build 7601, Service Pack 1). - # - Windows 8 (Build 9200). 'Platform' => 'win', 'Targets' => [