Trade MS12-004 for MS13-090 against Windows XP BrowserAutoPwn

wchen-r7 · wchen-r7 · commit d23c9b552f51 · 2015-02-10T18:58:56.000-06:00
diff --git a/modules/exploits/windows/browser/ms12_004_midi.rb b/modules/exploits/windows/browser/ms12_004_midi.rb
@@ -10,19 +10,6 @@ class Metasploit3 < Msf::Exploit::Remote
 
   include Msf::Exploit::Remote::HttpServer::HTML
   include Msf::Exploit::RopDb
-  include Msf::Exploit::Remote::BrowserAutopwn
-  autopwn_info({
-    :ua_name    => HttpClients::IE,
-    :ua_minver  => "6.0",
-    :ua_maxver  => "8.0",
-    :javascript => true,
-    :os_name    => OperatingSystems::Match::WINDOWS,
-    :vuln_test  => %Q|
-      var v = window.os_detect.getVersion();
-      var os_name = v['os_name'];
-      if (os_name.indexOf('Windows XP') == 0) {is_vuln = true;} else { is_vuln = false; }
-    |,
-  })
 
   def initialize(info={})
     super(update_info(info,
diff --git a/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb b/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb
@@ -9,6 +9,19 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = NormalRanking
 
   include Msf::Exploit::Remote::BrowserExploitServer
+  include Msf::Exploit::Remote::BrowserAutopwn
+  autopwn_info({
+    :ua_name    => HttpClients::IE,
+    :ua_minver  => "8.0",
+    :ua_maxver  => "8.0",
+    :javascript => true,
+    :os_name    => OperatingSystems::Match::WINDOWS_XP,
+# BrowserAutoPwn currently has a syntax error bug so we can't use classid and method,
+# so we have these commented out for now. But it's not so bad because by default
+# Windows XP has this ActiveX, and BrowserExploitServer's check will kick in.
+#    :classid    => "{19916E01-B44E-4E31-94A4-4696DF46157B}",
+#    :method     => "requiredClaims"
+  })
 
   def initialize(info={})
     super(update_info(info,
