mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-09-11 17:08:02 +02:00
Land #4712, @todb-r7's release fixes
This commit is contained in:
commit
3b28b23e2e
@ -22,9 +22,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||
using the default credentials for the administrator and guest accounts; alternatively
|
||||
you can provide a pre-authenticated cookie or a username / password combo. For IT360
|
||||
targets enter the RPORT of the OpManager instance (usually 8300). This module has been
|
||||
tested on both Windows and Linux with several different versions Windows paths have to
|
||||
tested on both Windows and Linux with several different versions. Windows paths have to
|
||||
be escaped with 4 backslashes on the command line. There is a companion module that
|
||||
allows you to download an arbitrary file. This vulnerability has been fixed in Applications
|
||||
allows for arbitrary file download. This vulnerability has been fixed in Applications
|
||||
Manager v11.9 b11912 and OpManager 11.6.
|
||||
},
|
||||
'Author' =>
|
||||
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||
and password combo. For IT360 targets enter the RPORT of the OpManager instance (usually
|
||||
8300). This module has been tested on both Windows and Linux with several different
|
||||
versions. Windows paths have to be escaped with 4 backslashes on the command line. There is
|
||||
a companion module that allows you to list the contents of any directory recursively. This
|
||||
a companion module that allows the recursive listing of any directory. This
|
||||
vulnerability has been fixed in Applications Manager v11.9 b11912 and OpManager 11.6.
|
||||
},
|
||||
'Author' =>
|
||||
|
@ -11,11 +11,11 @@ class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'WordPress XMLRPC Ghost Vulnerability Scanner',
|
||||
'Name' => 'WordPress XMLRPC GHOST Vulnerability Scanner',
|
||||
'Description' => %q{
|
||||
This module can be used to determine hosts vulnerable to the Ghost vulnerability via
|
||||
This module can be used to determine hosts vulnerable to the GHOST vulnerability via
|
||||
a call to the WordPress XMLRPC interface. If the target is vulnerable, the system
|
||||
will segfault and return a server error. On patched systems a normal XMLRPC error
|
||||
will segfault and return a server error. On patched systems, a normal XMLRPC error
|
||||
is returned.
|
||||
},
|
||||
'Author' =>
|
||||
|
@ -13,9 +13,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Wordpress Pixabay Images PHP Code Upload',
|
||||
'Name' => 'WordPress Pixabay Images PHP Code Upload',
|
||||
'Description' => %q{
|
||||
This module exploits multiple vulnerabilities in the Wordpress plugin Pixabay
|
||||
This module exploits multiple vulnerabilities in the WordPress plugin Pixabay
|
||||
Images 2.3.6. The plugin does not check the host of a provided download URL
|
||||
which can be used to store and execute malicious PHP code on the system.
|
||||
},
|
||||
@ -74,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
|
||||
def exploit
|
||||
unless wordpress_and_online?
|
||||
fail_with(Failure::NoTarget, "#{peer} - #{target_uri} does not seeem to be Wordpress site")
|
||||
fail_with(Failure::NoTarget, "#{peer} - #{target_uri} does not seeem to be WordPress site")
|
||||
end
|
||||
|
||||
print_status("#{peer} - Starting up web service...")
|
||||
@ -120,7 +120,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
def check
|
||||
res = wordpress_and_online?
|
||||
unless res
|
||||
vprint_error("#{peer} - It doesn't look like a Wordpress site")
|
||||
vprint_error("#{peer} - It doesn't look like a WordPress site")
|
||||
return Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
|
@ -13,9 +13,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
def initialize(info = {})
|
||||
super(update_info(
|
||||
info,
|
||||
'Name' => 'Remote Code Execution in Wordpress Platform Theme',
|
||||
'Name' => 'Remote Code Execution in WordPress Platform Theme',
|
||||
'Description' => %q{
|
||||
The Wordpress Theme "platform" contains a remote code execution vulnerability
|
||||
The WordPress Theme "platform" contains a remote code execution vulnerability
|
||||
through an unchecked admin_init call. The theme includes the uploaded file
|
||||
from it's temp filename with php's include function.
|
||||
},
|
||||
|
@ -6,7 +6,7 @@
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
Rank = GoodRanking # Would be Great except MBAE doesn't version check
|
||||
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Exploit::Remote::HttpServer
|
||||
@ -22,8 +22,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
This module exploits a vulnerability in the update functionality of
|
||||
Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes
|
||||
Anti-Exploit consumer 1.03.1.1220.
|
||||
Due to the lack of proper update package validation a man-in-the-middle
|
||||
attacker could execute arbitrary code by spoofing the update server
|
||||
Due to the lack of proper update package validation, a man-in-the-middle
|
||||
(MITM) attacker could execute arbitrary code by spoofing the update server
|
||||
data-cdn.mbamupdates.com and uploading an executable. This module has
|
||||
been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.
|
||||
},
|
||||
|
@ -16,11 +16,13 @@ class Metasploit3 < Msf::Exploit::Local
|
||||
super(update_info(info, {
|
||||
'Name' => 'MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape',
|
||||
'Description' => %q{
|
||||
This module abuses a process creation policy in Internet Explorer's sandbox, specifically
|
||||
the Microsoft Remote Desktop Services Web Proxy IE one, which allows the attacker to escape
|
||||
the Protected Mode, and execute code with Medium Integrity. At the moment, this module only
|
||||
bypass Protected Mode on Windows 7 SP1 and prior (32 bits). This module has been tested
|
||||
successfully on Windows 7 SP1 (32 bits) with IE 8 and IE 11.
|
||||
This module abuses a process creation policy in Internet Explorer's
|
||||
sandbox; specifically, Microsoft's RemoteApp and Desktop Connections runtime
|
||||
proxy, TSWbPrxy.exe. This vulnerability allows the attacker to escape the
|
||||
Protected Mode and execute code with Medium Integrity. At the moment, this
|
||||
module only bypass Protected Mode on Windows 7 SP1 and prior (32 bits). This
|
||||
module has been tested successfully on Windows 7 SP1 (32 bits) with IE 8 and IE
|
||||
11.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
Loading…
Reference in New Issue
Block a user