New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add version check to Safari RCE exploit #11347

Merged
merged 1 commit into from Feb 4, 2019

Conversation

Projects
None yet
2 participants
@timwr
Copy link
Contributor

timwr commented Feb 2, 2019

Currently we're checking the OSX version, but not the Safari version.
This adds a quick check for the Safari version and prints a warning if it's not vulnerable.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/osx/browser/safari_proxy_object_type_confusion
  • set LHOST 127.0.0.1
  • set URIPATH /w
  • exploit
  • curl http://127.0.0.1:8080/w -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.2 Safari/605.1.15"
  • Verify you see "Safari version 12.0.2 is not vulnerable"

@timwr timwr added the osx label Feb 2, 2019

@timwr timwr changed the title add version to check to Safari RCE exploit add version check to Safari RCE exploit Feb 2, 2019

@busterb busterb self-assigned this Feb 4, 2019

@busterb busterb added the module label Feb 4, 2019

@busterb busterb merged commit 5fc0c66 into rapid7:master Feb 4, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

busterb added a commit that referenced this pull request Feb 4, 2019

msjenkins-r7 added a commit that referenced this pull request Feb 4, 2019

@busterb

This comment has been minimized.

Copy link
Contributor

busterb commented Feb 4, 2019

Release Notes

This adds a version check to the safari_proxy_object_type_confusion browser exploit module, ensuring that it targets a vulnerable version of the Safari web browser.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment