mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-09-11 17:08:02 +02:00
Land #4078, pureftpd_bash_env_exec desc. update
This commit is contained in:
commit
090d9b95d1
@ -15,10 +15,13 @@ class Metasploit4 < Msf::Exploit::Remote
|
||||
super(update_info(info,
|
||||
'Name' => 'Pure-FTPd External Authentication Bash Environment Variable Code Injection',
|
||||
'Description' => %q(
|
||||
This module exploits the code injection flaw known as shellshock which
|
||||
leverages specially crafted environment variables in Bash. This exploit
|
||||
specifically targets Pure-FTPd when configured to use an external
|
||||
program for authentication.
|
||||
This module exploits the code injection flaw known as Shellshock, which leverages specially
|
||||
crafted environment variables in Bash.
|
||||
|
||||
Please note that this exploit specifically targets Pure-FTPd compiled with the --with-extauth
|
||||
flag, and an external Bash program for authentication. If the server is not set up this way,
|
||||
understand that even if the operating system is vulnerable to Shellshock, it cannot be
|
||||
exploited via Pure-FTPd.
|
||||
),
|
||||
'Author' =>
|
||||
[
|
||||
@ -31,7 +34,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
||||
['CVE', '2014-6271'],
|
||||
['OSVDB', '112004'],
|
||||
['EDB', '34765'],
|
||||
['URL', 'https://gist.github.com/jedisct1/88c62ee34e6fa92c31dc']
|
||||
['URL', 'https://gist.github.com/jedisct1/88c62ee34e6fa92c31dc'],
|
||||
['URL', 'http://download.pureftpd.org/pub/pure-ftpd/doc/README.Authentication-Modules']
|
||||
],
|
||||
'Payload' =>
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user