New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nuuo_nvrmini_upgrade_rce #11069

Closed
wants to merge 2 commits into
base: master
from

Conversation

Projects
None yet
2 participants
@berkdsnr

berkdsnr commented Dec 5, 2018

NUUO NVRmini ip camera web application. The upgrade_handle.php file is affected by the remote command execution vulnerability.

Tell us what this change does. If you're fixing a bug, please mention
the github issue number.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/windows/smb/ms08_067_netapi
  • ...
  • Verify the thing does what it should
  • Verify the thing does not do what it should not
  • Document the thing and how it works (Example)

berkdsnr added some commits Dec 5, 2018

nuuo_nvrmini_upgrade_rce
NUUO NVRmini  ip camera web application. The upgrade_handle.php file is affected by the remote command execution vulnerability.
@bcoles

This comment has been minimized.

Contributor

bcoles commented Dec 5, 2018

It is required that code in your fork be merged from a unique branch in your repository to master in Rapid7's. Please create a new branch in your fork of framework and resubmit this from that branch.

git checkout -b <BRANCH_NAME>
git push <your_fork_remote> <BRANCH_NAME>

This helps protect the process, ensure users are aware of commits on the branch being considered for merge, allows for a location for more commits to be offered without mingling with other contributor changes and allows contributors to make progress while a PR is still being reviewed.

Closing based on the this requirement, please do resubmit from a unique branch.

@bcoles bcoles closed this Dec 5, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Dec 5, 2018

.rb file extension is required.

git mv modules/exploits/linux/http/nuuo_nvrmini_upgrade_rce modules/exploits/linux/http/nuuo_nvrmini_upgrade_rce.rb

],
'References' =>
[
['URL', 'https://www.exploit-db.com/exploits/45070/'],

This comment has been minimized.

@bcoles

bcoles Dec 5, 2018

Contributor

No need to repeat this, as you have ['EDB','45070'] below.

'vars_get' =>
{
'cmd' => 'writeuploaddir',
'uploaddir' => "';echo 'exploit_ok';'"

This comment has been minimized.

@bcoles

bcoles Dec 5, 2018

Contributor

Can exploit_ok be randomized?

'uploaddir' => "';echo 'exploit_ok';'"
}
})
if res.code == 200 and res.body =~ /upload_tmp_dir/

This comment has been minimized.

@bcoles

bcoles Dec 5, 2018

Contributor

Check whether the request was successful first:

unless res
  vprint_error 'Connection failed'
  return CheckCode::Unknown
end
uri = normalize_uri(target_uri.path.to_s, "upgrade_handle.php")
res = send_request_cgi({
'method' => 'GET',
'uri' => uri,

This comment has been minimized.

@bcoles

bcoles Dec 5, 2018

Contributor

Indentation messed up.

@bcoles

This comment has been minimized.

Contributor

bcoles commented Dec 6, 2018

Hi @berkdsnr .

You can find a summary here: https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md

The short version is, from your fork of Metasploit, do this:

git checkout master                        # ensure you're on the master branch
git branch nuuo_nvrmini_upgrade_rce        # create a new branch
git checkout nuuo_nvrmini_upgrade_rce      # switch to the new branch

# put your module in the modules/ directory
# mv /path/to/your/module modules/exploits/linux/http/nuuo_nvrmini_upgrade_rce.rb

git add modules/exploits/linux/http/nuuo_nvrmini_upgrade_rce.rb   # add your changes to the branch
git commit -m "Add nuuo_nvrmini_upgrade_rce module"   # commit your changes
git push origin nuuo_nvrmini_upgrade_rce   # push your new branch to GitHub

Then you can create your PR via the GitHub web interface.

@bcoles

This comment has been minimized.

Contributor

bcoles commented Dec 6, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Dec 6, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Dec 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment