adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix description

Browse Source
This commit is contained in:
Tod Beardsley
2014-09-24 16:13:05 -05:00
parent ca63fe931d
commit 2f788c2e0c
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/auxiliary/admin/http/bash_env.rb
+8 -2
View File
@@ -11,9 +11,15 @@ class Metasploit4 < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'Bash Specially-Crafted Environment Variables Code Injection Attack (PoC)',
'Name' => 'Bash Specially-Crafted Environment Variables Code Injection Attack',
'Description' => %q{
This module exploits a vulnerability.
This module exploits a remote command injection vulnerability in bash,
a popular shell environment, over an HTTP CGI vector. By passing a specially-crafted
string that is set as an environment variable, attckers may execute arbitrary operating
system commands.
For this version of the exploit, the target must already have netcat (nc) compiled with the
-e option.
},
'Author' => ['wvu'],
'References' => [