adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb4e9e2d4d8a4bba6bfb34171dbdc4ed64d5681c
metasploit-gs/modules/exploits/multi/http
T
History
Tom Sellers 8f47edb899 JBoss_Maindeployer: improve feedback against CVE-2010-0738 
The exploit against CVE-2010-0738 won't work when using GET or POST.  In the existing code the request would fail and the function would return a nil.  This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:

Exploit failed: NoMethodError undefined method `body' for nil:NilClass

The first changes detect a 401 authentication message and provide useful feedback.  Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.

I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
..
activecollab_chat.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
ajaxplorer_checkinstall_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
apache_roller_ognl_injection.rb
Add module for CVE-2013-4212
2013-11-19 10:25:52 -06:00
apprain_upload_exec.rb
Saving progress
2014-01-21 17:14:55 -06:00
auxilium_upload_exec.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
axis2_deployer.rb
Land #2559 - remove content-length
2013-10-22 16:03:42 -05:00
cisco_dcnm_upload.rb
Saving progress
2014-01-21 17:14:55 -06:00
coldfusion_rds.rb
Saving progress
2014-01-21 17:14:55 -06:00
cuteflow_upload_exec.rb
Saving progress
2014-01-21 14:10:35 -06:00
dexter_casinoloader_exec.rb
Always replace \ with / for Dexter exploit
2014-02-19 09:24:07 -06:00
eaton_nsm_code_exec.rb
Saving progress
2014-01-21 14:10:35 -06:00
extplorer_upload_exec.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
familycms_less_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
freenas_exec_raw.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
gestioip_exec.rb
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
gitorious_graph.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
glassfish_deployer.rb
Clean up unused variables
2014-01-30 11:20:21 -06:00
glossword_upload_exec.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
glpi_install_rce.rb
Saving progress
2014-01-21 14:10:35 -06:00
horde_href_backdoor.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
hp_sitescope_issuesiebelcmd.rb
Change description
2013-12-23 02:33:17 -06:00
hp_sitescope_uploadfileshandler.rb
Remove @peer for modules that use HttpClient
2013-12-03 12:58:16 -06:00
hp_sys_mgmt_exec.rb
Saving progress
2014-01-21 14:10:35 -06:00
hyperic_hq_script_console.rb
Saving progress
2014-01-21 14:10:35 -06:00
ispconfig_php_exec.rb
Saving progress
2014-01-21 14:10:35 -06:00
jboss_bshdeployer.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
jboss_deploymentfilerepository.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
jboss_invoke_deploy.rb
Saving progress
2014-01-21 14:10:35 -06:00
jboss_maindeployer.rb
JBoss_Maindeployer: improve feedback against CVE-2010-0738
2014-04-24 12:37:14 -05:00
jenkins_script_console.rb
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
kordil_edms_upload_exec.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
lcms_php_exec.rb
Saving progress
2014-01-21 14:10:35 -06:00
log1cms_ajax_create_folder.rb
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
manageengine_search_sqli.rb
Saving progress
2014-01-21 14:10:35 -06:00
mediawiki_thumb.rb
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
mobilecartly_upload_exec.rb
Remove @peer for modules that use HttpClient
2013-12-03 12:58:16 -06:00
moodle_cmd_exec.rb
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
movabletype_upgrade_exec.rb
Saving progress
2014-01-21 14:10:35 -06:00
mutiny_subnetmask_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
nas4free_php_exec.rb
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
netwin_surgeftp_exec.rb
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
op5_license.rb
Saving progress
2014-01-21 14:10:35 -06:00
op5_welcome.rb
Saving progress
2014-01-21 14:10:35 -06:00
openfire_auth_bypass.rb
Update some checks
2014-01-24 12:08:23 -06:00
openmediavault_cmd_exec.rb
Reorder refs for some reason.
2013-10-30 12:25:55 -05:00
openx_backdoor_php.rb
Saving progress
2014-01-21 14:10:35 -06:00
oracle_reports_rce.rb
Pre-release fixes, including msftidy errors.
2014-02-18 14:02:37 -06:00
php_cgi_arg_injection.rb
Saving progress
2014-01-21 14:10:35 -06:00
php_volunteer_upload_exec.rb
Remove @peer for modules that use HttpClient
2013-12-03 12:58:16 -06:00
phpldapadmin_query_engine.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
phpmyadmin_3522_backdoor.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
phpmyadmin_preg_replace.rb
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
phpscheduleit_start_date.rb
Saving progress
2014-01-21 14:10:35 -06:00
phptax_exec.rb
Saving progress
2014-01-21 14:10:35 -06:00
plone_popen2.rb
Saving progress
2014-01-21 14:10:35 -06:00
pmwiki_pagelist.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
polarcms_upload_exec.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
processmaker_exec.rb
Removes hash rockets from references.
2014-03-17 09:40:32 -05:00
qdpm_upload_exec.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
rails_json_yaml_code_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
rails_secret_deserialization.rb
Update rails_secret_deserialization.rb
2014-01-07 21:41:15 +01:00
rails_xml_yaml_code_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
sflog_upload_exec.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
sit_file_upload.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
snortreport_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
sonicwall_gms_upload.rb
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
splunk_mappy_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
splunk_upload_app_exec.rb
Saving progress
2014-01-21 13:03:36 -06:00
spree_search_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
spree_searchlogic_exec.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
struts_code_exec_exception_delegator.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
struts_code_exec_parameters.rb
Saving progress
2014-01-21 13:03:36 -06:00
struts_code_exec.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
struts_default_action_mapper.rb
Merge branch 'upstream/master' into stop_abusing_expand_path
2014-03-11 23:13:39 +10:00
struts_dev_mode.rb
Fix up on apache descs and print_* methods
2014-02-03 13:13:57 -06:00
struts_include_params.rb
Saving progress
2014-01-21 13:03:36 -06:00
stunshell_eval.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
stunshell_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
sun_jsws_dav_options.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
testlink_upload_exec.rb
Saving progress
2014-01-21 13:03:36 -06:00
tomcat_mgr_deploy.rb
Saving progress
2014-01-21 13:03:36 -06:00
tomcat_mgr_upload.rb
Fix up on apache descs and print_* methods
2014-02-03 13:13:57 -06:00
traq_plugin_exec.rb
Oops, I broke this module
2014-01-22 11:23:18 -06:00
uptime_file_upload.rb
Saving progress
2014-01-21 13:03:36 -06:00
v0pcr3w_exec.rb
Redo the boilerplate / splat
2013-10-15 13:51:57 -05:00
vbseo_proc_deutf.rb
Fix first chunk of msftidy "bad char" errors
2014-03-11 11:18:54 -05:00
vtiger_install_rce.rb
Fix everything that needs to be fixed
2014-04-08 14:57:42 -05:00
vtiger_php_exec.rb
Saving progress
2014-01-21 13:03:36 -06:00
vtiger_soap_upload.rb
Make module work
2014-02-20 08:35:37 -06:00
webpagetest_upload_exec.rb
Saving progress
2014-01-21 13:03:36 -06:00
wikka_spam_exec.rb
Remove @peer for modules that use HttpClient
2013-12-03 12:58:16 -06:00
zabbix_script_exec.rb
Saving progress
2014-01-21 13:03:36 -06:00
zenworks_control_center_upload.rb
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00