dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #3643. These modules now report_vuln() correctly. 

git-svn-id: file:///home/svn/framework3/trunk@11697 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
Tod Beardsley 2011-02-02 17:42:23 +00:00
parent 99b1703416
commit e31f35e3ae
6 changed files with 47 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/auxiliary/scanner/http/cisco_device_manager.rb
View File

@ -67,18 +67,18 @@ class Metasploit3 < Msf::Auxiliary
# Report a vulnerability only if no password was specified
if datastore['BasicAuthPass'].to_s.length == 0
report_vuln(
:host => rhost,
:port => rport,
:name => 'IOS-HTTP-NO-AUTH',
:info => "http://#{rhost}:#{rport}/exec/show/version/CR",
:refs =>
[
[ 'BID', '1846'],
[ 'CVE', '2000-0945'],
[ 'OSVDB', '444'],
]
{
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => 'IOS-HTTP-NO-AUTH',
:info => "http://#{rhost}:#{rport}/exec/show/version/CR",
:refs => self.references
}
)
end
res = send_request_cgi({

17
modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb
View File

@ -58,15 +58,18 @@ class Metasploit3 < Msf::Auxiliary
if res and res.body and res.body =~ /Cisco Internetwork Operating System Software/
print_good("#{rhost}:#{rport} Found vulnerable privilege level: #{level}")
report_vuln(
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => 'IOS-HTTP-AUTH-BYPASS',
:data => "http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR"
{
:host => rhost,
:port => rport,
:proto => 'tcp',
:name => 'IOS-HTTP-AUTH-BYPASS',
:info => "http://#{rhost}:#{rport}/level/#{level}/exec/show/version/CR",
:refs => self.references
}
)
res = send_request_cgi({
'uri' => "/level/#{level}/exec/show/config/CR",
'method' => 'GET'

17
modules/auxiliary/scanner/http/frontpage_login.rb
View File

@ -127,15 +127,14 @@ class Metasploit3 < Msf::Auxiliary
# Report a note or vulnerability or something
# Not really this one, but close
report_vuln(
:host => target_host,
:port => rport,
:proto => 'http',
:name => 'FrontPage ACCESS ALLOWED',
:info => "#{info} FrontPage ACCESS ALLOWED [#{retcode}]",
:refs =>
[
[ 'CVE', '2006-0015'],
]
{
:host => target_host,
:port => rport,
:proto => 'tcp',
:name => 'FrontPage ACCESS ALLOWED',
:info => "#{info} FrontPage ACCESS ALLOWED [#{retcode}]",
:refs => self.references
}
)
when /^401/
print_error("#{info} FrontPage Password Protected [#{retcode}]")

20
modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb
View File

@ -102,18 +102,14 @@ class Metasploit3 < Msf::Auxiliary
report_vuln(
:host => ip,
:port => rport,
:name => 'IIS-WEBDAV-UNICODE-BYPASS',
:info => "#{tpath}#{bogus} / Code: #{res.code}",
:refs =>
[
[ 'CVE', '2009-1122'],
[ 'CVE', '2009-1535'],
[ 'MSB', 'MS09-020'],
[ 'OSVDB', '54555'],
[ 'BID', '34993']
]
{
:host => ip,
:port => rport,
:proto => 'tcp',
:name => 'IIS-WEBDAV-UNICODE-BYPASS',
:info => "#{tpath}#{bogus} / Code: #{res.code}",
:refs => self.references
}
)
end

20
modules/auxiliary/scanner/http/vmware_server_dir_trav.rb
View File

@ -59,17 +59,15 @@ class Metasploit3 < Msf::Auxiliary
#print_status("Output Of Requested File:\n#{res.body}")
print_status("#{target_host}:#{rport} appears vulnerable to VMWare Directory Traversal Vulnerability")
report_vuln(
:host => target_host,
:port => rport,
:proto => (ssl ? 'https' : 'http'),
:name => 'VMWARE-DIRECTORY-TRAVERSAL',
:data => res.code,
:refs =>
[
[ 'CVE', '2009-3733'],
[ 'BID', '36842'],
]
)
{
:host => target_host,
:port => rport,
:proto => 'tcp',
:name => 'VMWARE-DIRECTORY-TRAVERSAL',
:info => res.code,
:refs => self.references
}
)
else
''
#print_status("Received #{res.code} for #{trav}#{file}")

3
modules/auxiliary/scanner/vnc/vnc_none_auth.rb
View File

@ -81,7 +81,8 @@ class Metasploit3 < Msf::Auxiliary
:port => rport,
:proto => 'tcp',
:name => 'VNC-NONE-AUTH-ALLOWED',
:data => sec_type.join(",")
:info => sec_type.join(","),
:refs => self.references
})
end