infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update rails_secret_deserialization.rb 

When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
bug/bundler_fix
Niel Nielsen 2014-01-07 21:41:15 +01:00
parent 21b146fab3
commit e79ccb08cb
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/exploits/multi/http/rails_secret_deserialization.rb
View File

@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
keygen = KeyGenerator.new(datastore['SECRET'],{:iterations => 1000})
sigkey = keygen.generate_key(datastore['SALTSIG'])
end
digest == OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(datastore['DIGEST_NAME']), sigkey, data)
digest == OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(datastore['DIGEST_NAME']), sigkey, data)
end
def rails_4
@ -184,7 +184,7 @@ class Metasploit3 < Msf::Exploit::Remote
def rails_3
# Sign it with the secret_token
data = build_cookie
digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new("SHA1"), datastore['SECRET'], data)
digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), datastore['SECRET'], data)
marshal_payload = Rex::Text.uri_encode(data)
"#{marshal_payload}--#{digest}"
end