@@ -46,9 +46,9 @@ def initialize(info = {})
4646 'References' =>
4747 [
4848 [ 'CVE' , '2014-9390' ] ,
49+ [ 'URL' , 'https://community.rapid7.com/community/metasploit/blog/2015/01/01/12-days-of-haxmas-exploiting-cve-2014-9390-in-git-and-mercurial' ] ,
4950 [ 'URL' , 'http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html' ] ,
5051 [ 'URL' , 'http://article.gmane.org/gmane.linux.kernel/1853266' ] ,
51- [ 'URL' , 'https://community.rapid7.com/community/metasploit/blog/2014/12/30/12-days-of-haxmas-exploiting-cve-2014-9390-in-git-and-mercurial' ] ,
5252 [ 'URL' , 'https://github.com/blog/1938-vulnerability-announced-update-your-git-clients' ] ,
5353 [ 'URL' , 'https://www.mehmetince.net/one-git-command-may-cause-you-hacked-cve-2014-9390-exploitation-for-shell/' ] ,
5454 [ 'URL' , 'http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_3.2.3_.282014-12-18.29' ] ,
@@ -86,8 +86,7 @@ def initialize(info = {})
8686
8787 register_options (
8888 [
89- OptBool . new ( 'GIT' , [ true , 'Exploit Git clients' , true ] ) ,
90- OptBool . new ( 'MERCURIAL' , [ true , 'Exploit Mercurial clients' , false ] )
89+ OptBool . new ( 'GIT' , [ true , 'Exploit Git clients' , true ] )
9190 ]
9291 )
9392
@@ -96,7 +95,8 @@ def initialize(info = {})
9695 OptString . new ( 'GIT_URI' , [ false , 'The URI to use as the malicious Git instance (empty for random)' , '' ] ) ,
9796 OptString . new ( 'MERCURIAL_URI' , [ false , 'The URI to use as the malicious Mercurial instance (empty for random)' , '' ] ) ,
9897 OptString . new ( 'GIT_HOOK' , [ false , 'The Git hook to use for exploitation' , 'post-checkout' ] ) ,
99- OptString . new ( 'MERCURIAL_HOOK' , [ false , 'The Mercurial hook to use for exploitation' , 'update' ] )
98+ OptString . new ( 'MERCURIAL_HOOK' , [ false , 'The Mercurial hook to use for exploitation' , 'update' ] ) ,
99+ OptBool . new ( 'MERCURIAL' , [ false , 'Enable experimental Mercurial support' , false ] )
100100 ]
101101 )
102102 end
0 commit comments