Minor tweaks.

bug/bundler_fix
Pearce Barry 2017-10-09 17:02:24 -05:00
parent 26108f5ac9
commit fd8b72ca66
No known key found for this signature in database
GPG Key ID: 0916F4DEA5C5DE0A
2 changed files with 26 additions and 11 deletions

@ -1,16 +1,30 @@
## Vulnerable Application
This module exploits a vulnerability in, inbuilt web-browser of IBM lotus notes, the code uses java-script based URI encoding,
and create a object instance of encode URI due to the infinite loop it leads to Denial of Service.
This module exploits a vulnerability in the built-in web-browser of IBM Lotus Notes client application.
## Working of Module
JavaScript is used to create an object instance of encode URI within an infinite loop,
leading to a Denial of Service of the IBM Lotus Notes app itself.
Vulnerable app versions include:
* IBM Notes 9.0.1 to 9.0.1 FP8IF1
* IBM Notes 9.0 to 9.0 IF4.
* IBM Notes 8.5.3 to 8.5.3 FP6 IF13.
* IBM Notes 8.5.2 to 8.5.2 FP4 IF3.
* IBM Notes 8.5.1. to 8.5.1 FP5 IF5.
* IBM Notes 8.5 release
Related security bulletin from IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21999385
## Verification
1. Start msfconsole
2. `use auxiliary/dos/http/ibm_lotus_notes.rb`
3. Set `SRVHOST`
4. Set `SRVPORT`
5. run (Server started)
6. Visit server URL in web-browser of IBM
1. `use auxiliary/dos/http/ibm_lotus_notes.rb`
1. Set `SRVHOST`
1. Set `SRVPORT`
1. run (Server started)
1. Visit server URL in the built-in web-browser of IBM Notes client application
## Scenarios
```
msf > use auxiliary/dos/http/ibm_lotus_notes
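Review bot: In the Verification steps, `use auxiliary/dos/http/ibm_lotus_notes.rb` still carries the `.rb` suffix, while the Scenarios transcript directly below runs `use auxiliary/dos/http/ibm_lotus_notes`; drop the suffix so the documented step matches the console session. In the version list, the trailing periods are inconsistent (`9.0 IF4.`, `8.5.1.` against `FP8IF1` and `8.5 release`) and `FP8IF1` is missing the space the other entries have. "encode URI" should be written `encodeURI` to match the module name.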
@ -46,4 +60,4 @@ msf auxiliary(ibm_lotus_notes) >
msf auxiliary(ibm_lotus_notes) >
```
Security Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21999385
At this point, the target should use the built-in web browser of their IBM Lotus Notes client to navigate to the above "Using URL" value. And then they should see their Notes app become unresponsive.
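Review bot: The closing paragraph ends on a fragment, "And then they should see their Notes app become unresponsive."; fold it into the preceding sentence. It also says "IBM Lotus Notes client" where the Verification step says "IBM Notes client application", so pick one product name for the whole document. Consider stating the expected hang as the last Verification step as well, so a tester has a pass condition without reading through the Scenarios output.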

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
'Name' => "IBM Notes encodeURI DOS",
'Description' => %q(
This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes.
If successful,it could cause the Notes client to hang and have to be restarted.
If successful, it could cause the Notes client to hang and have to be restarted.
),
'License' => MSF_LICENSE,
'Author' => [
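Review bot: `'Name' => "IBM Notes encodeURI DOS"`, directly above the corrected line, disagrees with the Description on the product name ("IBM Notes" against "IBM Lotus Notes") and writes "DOS" in capitals; since this commit is a wording cleanup, align the two here. The Description also never mentions the `encodeURI` loop that the documentation file describes, and one clause naming it would make the module's behaviour clear from `info` alone.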
@ -21,7 +21,8 @@ class MetasploitModule < Msf::Auxiliary
],
'References' => [
[ 'EXPLOIT-DB', '42602'],
[ 'CVE', '2017-1129' ]
[ 'CVE', '2017-1129' ],
[ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21999385' ]
],
'DisclosureDate' => 'Aug 31 2017',
'Actions' => [[ 'WebServer' ]],
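Review bot: The added `[ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21999385' ]` reference uses plain `http://`; if the bulletin is also served over HTTPS, use that scheme here and in the documentation file, which repeats the same link. The trailing comma added after the CVE entry is correct.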