Skip to content

Commit e73286c

Browse files
brandonprrybrandonprry
committed
update stale references
1 parent de2bf01 commit e73286c

File tree

1 file changed

+14
-10
lines changed

1 file changed

+14
-10
lines changed

modules/auxiliary/scanner/http/joomla_gallerywd_sqli_scanner.rb

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -14,27 +14,31 @@ class Metasploit4 < Msf::Auxiliary
1414

1515
def initialize(info = {})
1616
super(update_info(info,
17-
'Name' => '',
17+
'Name' => 'Gallery WD for Joomla! Unauthenticated SQL Injection Scanner',
1818
'Description' => %q{
19+
This module will scan for Joomla! instances vulnerable to an unauthenticated SQL injection
20+
within the Gallery WD for Joomla! extension version 1.2.5 and likely prior.
1921
},
2022
'Author' =>
2123
[
24+
'CrashBandicoot', #independent discovery/0day drop
25+
'bperry' #discovery/metasploit module
2226
],
2327
'License' => MSF_LICENSE,
2428
'References' =>
2529
[
26-
[ 'CVE', '2013-3621' ],
27-
[ 'CVE', '2013-3623' ],
28-
[ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities']
30+
[ 'EDB', '36563']
2931
],
30-
'DisclosureDate' => 'Nov 06 2013'))
32+
'DisclosureDate' => 'Mar 30 2015'))
3133

34+
register_options([
35+
OptString.new('TARGETURI', [true, 'Target URI of the Joomla! instance', '/'])
36+
], self.class)
3237
end
3338

3439
def run_host(ip)
35-
36-
left_marker = Rex::Text.rand_text_alpha(5)
3740
right_marker = Rex::Text.rand_text_alpha(5)
41+
left_marker = Rex::Text.rand_text_alpha(5)
3842
flag = Rex::Text.rand_text_alpha(5)
3943

4044
vprint_status("#{peer} - Checking host")
@@ -88,13 +92,13 @@ def run_host(ip)
8892
result = res.body =~ /#{left_marker}#{flag}#{right_marker}/
8993

9094
if result
91-
print_good("#{peer} - Vulnerable to CVE-2013-3623 (close_window.cgi Buffer Overflow)")
95+
print_good("#{peer} - Vulnerable to unauthenticated SQL injection within Gallery WD for Joomla!")
9296
report_vuln({
9397
:host => rhost,
9498
:port => rport,
9599
:proto => 'tcp',
96-
:name => "Supermicro Onboard IPMI close_window.cgi Buffer Overflow",
97-
:refs => self.references.select { |ref| ref.ctx_val == "2013-3623" }
100+
:name => "Unauthenticated error-based SQL injection in Gallery WD for Joomla!",
101+
:refs => self.references.select { |ref| ref.ctx_val == "36563" }
98102
})
99103
end
100104

0 commit comments

Comments
 (0)