Merge branch 'master' of https://github.com/rapid7/metasploit-framework

2013-06-17 16:43:33 -05:00 · 2013-06-17 16:43:33 -05:00 · de1561363e
parent 1b456ab511 b8ed1f902c
commit de1561363e
5 changed files with 10 additions and 5 deletions
--- a/7
+++ b/7
@ -37,9 +37,10 @@ need user input, you can either register an option or expose an
 interactive session type specific for the type of exploit.

 3. Don't use "sleep". It has been known to cause issues with
-multi-threaded programs on various platforms. Instead, we use
-"select(nil, nil, nil, <time>)" throughout the framework. We have
-found this works around the underlying issue.
+multi-threaded programs on various platforms running an older version of
+Ruby such as 1.8. Instead, we use "select(nil, nil, nil, <time>)" or
+Rex.sleep() throughout the framework. We have found this works around
+the underlying issue.

 4. Always use Rex sockets, not ruby sockets.  This includes
 third-party libraries such as Net::Http.  There are several very good
--- a/lib/msf/core/exploit/http/client.rb
+++ b/lib/msf/core/exploit/http/client.rb
@ -149,8 +149,8 @@ module Exploit::Remote::HttpClient
 		client_password = opts['password'] || datastore['PASSWORD'] || ''

 		nclient = Rex::Proto::Http::Client.new(
-			rhost,
-			rport.to_i,
+			opts['rhost'] || rhost,
+			(opts['rport'] || rport).to_i,
 			{
 				'Msf'        => framework,
 				'MsfExploit' => self,
--- a/lib/rex/proto/http/response.rb
+++ b/lib/rex/proto/http/response.rb
@ -73,6 +73,7 @@ class Response < Packet
 				next if name == 'path'
 				next if name == 'expires'
 				next if name == 'domain'
+				next if name == 'max-age'
 				cookies << "#{k}=#{v}; "
 			end
 		end
--- a/modules/exploits/multi/http/horde_href_backdoor.rb
+++ b/modules/exploits/multi/http/horde_href_backdoor.rb
@ -29,6 +29,8 @@ class Metasploit3 < Msf::Exploit::Remote
 			'References'     =>
 				[
 					[ 'CVE', '2012-0209'],
+					[ 'OSVDB', '79246'],
+					[ 'EDB', '18492'],
 					[ 'URL', 'http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155' ],
 					[ 'URL', 'http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/' ]
 				],
--- a/modules/exploits/multi/http/manageengine_search_sqli.rb
+++ b/modules/exploits/multi/http/manageengine_search_sqli.rb
@ -33,6 +33,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				],
 			'References'     =>
 				[
+					['OSVDB', '86562'],
 					['EDB','22094'],
 					['BID', '56138']
 				],