Replace links

wchen-r7 · wchen-r7 · commit e7d6493311d0 · 2015-10-28T10:45:02.000-05:00
diff --git a/modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb b/modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb
@@ -46,7 +46,8 @@ def initialize(info = {})
       'References' => [
         [ 'CVE', '2015-0964' ], # XSS vulnerability
         [ 'CVE', '2015-0965' ], # CSRF vulnerability
-        [ 'CVE', '2015-0966' ]  # "techician/yZgO8Bvj" web interface backdoor
+        [ 'CVE', '2015-0966' ], # "techician/yZgO8Bvj" web interface backdoor
+        [ 'URL', 'https://community.rapid7.com/community/infosec/blog/2015/06/05/r7-2015-01-csrf-backdoor-and-persistent-xss-on-arris-motorola-cable-modems' ],
       ]
     ))
 
diff --git a/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb b/modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb
@@ -27,7 +27,8 @@ def initialize(info = {})
         [
           ['CVE', '2014-7862'],
           ['OSVDB', '116554'],
-          ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/2']
+          ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/2'],
+          ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt'],
         ],
       'DisclosureDate' => 'Dec 31 2014'))
 
diff --git a/modules/auxiliary/admin/http/manageengine_dir_listing.rb b/modules/auxiliary/admin/http/manageengine_dir_listing.rb
@@ -36,7 +36,8 @@ def initialize(info={})
         [
           ['CVE', '2014-7863'],
           ['OSVDB', '117696'],
-          ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114']
+          ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114'],
+          ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_failservlet.txt']
         ],
       'DisclosureDate' => 'Jan 28 2015'))
 
diff --git a/modules/auxiliary/admin/http/manageengine_file_download.rb b/modules/auxiliary/admin/http/manageengine_file_download.rb
@@ -34,7 +34,8 @@ module will attempt to login using the default credentials for the administrator
         [
           ['CVE', '2014-7863'],
           ['OSVDB', '117695'],
-          ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114']
+          ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114'],
+          ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_failservlet.txt']
         ],
       'DisclosureDate' => 'Jan 28 2015'))
 
diff --git a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
@@ -34,7 +34,8 @@ def initialize(info = {})
         [
           [ 'CVE', '2014-8499' ],
           [ 'OSVDB', '114485' ],
-          [ 'URL', 'http://seclists.org/fulldisclosure/2014/Nov/18' ]
+          [ 'URL', 'http://seclists.org/fulldisclosure/2014/Nov/18' ],
+          [ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_pmp_privesc.txt' ],
         ],
       'DisclosureDate' => 'Nov 8 2014'))
 
diff --git a/modules/auxiliary/admin/http/netflow_file_download.rb b/modules/auxiliary/admin/http/netflow_file_download.rb
@@ -28,7 +28,8 @@ def initialize(info={})
         [
           [ 'CVE', '2014-5445' ],
           [ 'OSVDB', '115340' ],
-          [ 'URL', 'http://seclists.org/fulldisclosure/2014/Dec/9' ]
+          [ 'URL', 'http://seclists.org/fulldisclosure/2014/Dec/9' ],
+          [ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_netflow_it360_file_dl.txt' ]
         ],
       'DisclosureDate' => 'Nov 30 2014'))
 
diff --git a/modules/auxiliary/admin/http/sysaid_admin_acct.rb b/modules/auxiliary/admin/http/sysaid_admin_acct.rb
@@ -27,7 +27,8 @@ def initialize(info = {})
       'References' =>
         [
           [ 'CVE', '2015-2993' ],
-          [ 'URL', 'http://seclists.org/fulldisclosure/2015/Jun/8' ]
+          [ 'URL', 'http://seclists.org/fulldisclosure/2015/Jun/8' ],
+          [ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/sysaid-14.4-multiple-vulns.txt' ],
         ],
       'DisclosureDate' => 'Jun 3 2015'))
 
diff --git a/modules/auxiliary/admin/http/sysaid_file_download.rb b/modules/auxiliary/admin/http/sysaid_file_download.rb
@@ -34,7 +34,8 @@ def initialize(info={})
         [
           ['CVE', '2015-2996'],
           ['CVE', '2015-2997'],
-          ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8']
+          ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8'],
+          ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/sysaid-14.4-multiple-vulns.txt'],
         ],
       'DisclosureDate' => 'Jun 3 2015'))
 
diff --git a/modules/auxiliary/admin/http/sysaid_sql_creds.rb b/modules/auxiliary/admin/http/sysaid_sql_creds.rb
@@ -29,7 +29,8 @@ def initialize(info={})
         [
           ['CVE', '2015-2996'],
           ['CVE', '2015-2998'],
-          ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8']
+          ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8'],
+          ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/sysaid-14.4-multiple-vulns.txt']
         ],
       'DisclosureDate' => 'Jun 3 2015'))
 
diff --git a/modules/auxiliary/bnat/bnat_router.rb b/modules/auxiliary/bnat/bnat_router.rb
@@ -21,6 +21,7 @@ def initialize
       'License'      => MSF_LICENSE,
       'References'   =>
         [
+          [ 'URL', 'https://github.com/claudijd/bnat' ],
           [ 'URL', 'http://www.slideshare.net/claudijd/dc-skytalk-bnat-hijacking-repairing-broken-communication-channels']
         ]
     )
diff --git a/modules/auxiliary/bnat/bnat_scan.rb b/modules/auxiliary/bnat/bnat_scan.rb
@@ -25,6 +25,7 @@ def initialize
       'License'      => MSF_LICENSE,
       'References'   =>
         [
+          [ 'URL', 'https://github.com/claudijd/bnat'],
           [ 'URL', 'http://www.slideshare.net/claudijd/dc-skytalk-bnat-hijacking-repairing-broken-communication-channels']
         ]
     )
diff --git a/modules/auxiliary/dos/ssl/openssl_aesni.rb b/modules/auxiliary/dos/ssl/openssl_aesni.rb
@@ -28,7 +28,8 @@ def initialize(info = {})
       'License'		=> MSF_LICENSE,
       'References'	=>
         [
-          [ 'CVE', '2012-2686']
+          [ 'CVE', '2012-2686'],
+          [ 'URL', 'https://www.openssl.org/news/secadv/20130205.txt' ]
         ],
       'DisclosureDate' => 'Feb 05 2013'))
 

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,8 @@ def initialize(info = {})`
`46`	`46`	`'References' => [`
`47`	`47`	`[ 'CVE', '2015-0964' ], # XSS vulnerability`
`48`	`48`	`[ 'CVE', '2015-0965' ], # CSRF vulnerability`
`49`		`- [ 'CVE', '2015-0966' ] # "techician/yZgO8Bvj" web interface backdoor`
	`49`	`+ [ 'CVE', '2015-0966' ], # "techician/yZgO8Bvj" web interface backdoor`
	`50`	`+ [ 'URL', 'https://community.rapid7.com/community/infosec/blog/2015/06/05/r7-2015-01-csrf-backdoor-and-persistent-xss-on-arris-motorola-cable-modems' ],`
`50`	`51`	`]`
`51`	`52`	`))`
`52`	`53`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,8 @@ def initialize(info = {})`
`27`	`27`	`[`
`28`	`28`	`['CVE', '2014-7862'],`
`29`	`29`	`['OSVDB', '116554'],`
`30`		`- ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/2']`
	`30`	`+ ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/2'],`
	`31`	`+ ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt'],`
`31`	`32`	`],`
`32`	`33`	`'DisclosureDate' => 'Dec 31 2014'))`
`33`	`34`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,8 @@ def initialize(info={})`
`36`	`36`	`[`
`37`	`37`	`['CVE', '2014-7863'],`
`38`	`38`	`['OSVDB', '117696'],`
`39`		`- ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114']`
	`39`	`+ ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114'],`
	`40`	`+ ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_failservlet.txt']`
`40`	`41`	`],`
`41`	`42`	`'DisclosureDate' => 'Jan 28 2015'))`
`42`	`43`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,8 @@ module will attempt to login using the default credentials for the administrator`
`34`	`34`	`[`
`35`	`35`	`['CVE', '2014-7863'],`
`36`	`36`	`['OSVDB', '117695'],`
`37`		`- ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114']`
	`37`	`+ ['URL', 'http://seclists.org/fulldisclosure/2015/Jan/114'],`
	`38`	`+ ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_failservlet.txt']`
`38`	`39`	`],`
`39`	`40`	`'DisclosureDate' => 'Jan 28 2015'))`
`40`	`41`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,8 @@ def initialize(info = {})`
`34`	`34`	`[`
`35`	`35`	`[ 'CVE', '2014-8499' ],`
`36`	`36`	`[ 'OSVDB', '114485' ],`
`37`		`- [ 'URL', 'http://seclists.org/fulldisclosure/2014/Nov/18' ]`
	`37`	`+ [ 'URL', 'http://seclists.org/fulldisclosure/2014/Nov/18' ],`
	`38`	`+ [ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_pmp_privesc.txt' ],`
`38`	`39`	`],`
`39`	`40`	`'DisclosureDate' => 'Nov 8 2014'))`
`40`	`41`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,8 @@ def initialize(info={})`
`28`	`28`	`[`
`29`	`29`	`[ 'CVE', '2014-5445' ],`
`30`	`30`	`[ 'OSVDB', '115340' ],`
`31`		`- [ 'URL', 'http://seclists.org/fulldisclosure/2014/Dec/9' ]`
	`31`	`+ [ 'URL', 'http://seclists.org/fulldisclosure/2014/Dec/9' ],`
	`32`	`+ [ 'URL', 'https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_netflow_it360_file_dl.txt' ]`
`32`	`33`	`],`
`33`	`34`	`'DisclosureDate' => 'Nov 30 2014'))`
`34`	`35`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,8 @@ def initialize(info={})`
`34`	`34`	`[`
`35`	`35`	`['CVE', '2015-2996'],`
`36`	`36`	`['CVE', '2015-2997'],`
`37`		`- ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8']`
	`37`	`+ ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8'],`
	`38`	`+ ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/sysaid-14.4-multiple-vulns.txt'],`
`38`	`39`	`],`
`39`	`40`	`'DisclosureDate' => 'Jun 3 2015'))`
`40`	`41`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,8 @@ def initialize(info={})`
`29`	`29`	`[`
`30`	`30`	`['CVE', '2015-2996'],`
`31`	`31`	`['CVE', '2015-2998'],`
`32`		`- ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8']`
	`32`	`+ ['URL', 'http://seclists.org/fulldisclosure/2015/Jun/8'],`
	`33`	`+ ['URL', 'https://github.com/pedrib/PoC/blob/master/advisories/sysaid-14.4-multiple-vulns.txt']`
`33`	`34`	`],`
`34`	`35`	`'DisclosureDate' => 'Jun 3 2015'))`
`35`	`36`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ def initialize`
`21`	`21`	`'License' => MSF_LICENSE,`
`22`	`22`	`'References' =>`
`23`	`23`	`[`
	`24`	`+ [ 'URL', 'https://github.com/claudijd/bnat' ],`
`24`	`25`	`[ 'URL', 'http://www.slideshare.net/claudijd/dc-skytalk-bnat-hijacking-repairing-broken-communication-channels']`
`25`	`26`	`]`
`26`	`27`	`)`