Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add hex-noslashes to Rex::Proto::Http::Client #13052

Merged
merged 1 commit into from
Mar 10, 2020
Merged

Add hex-noslashes to Rex::Proto::Http::Client #13052

merged 1 commit into from
Mar 10, 2020

Conversation

wvu
Copy link
Contributor

@wvu wvu commented Mar 10, 2020
edited
Loading 

msf5 exploit([redacted]) > set http::uri_encode_mode hex-
set http::uri_encode_mode hex-all        set http::uri_encode_mode hex-normal     set http::uri_encode_mode hex-noslashes  set http::uri_encode_mode hex-random
msf5 exploit([redacted]) > set http::uri_encode_mode hex-noslashes
http::uri_encode_mode => hex-noslashes
msf5 exploit([redacted]) > run

The specified value for uri_encode_mode is not one of the valid choices
[-] Exploit failed: Rex::RuntimeError The specified value for uri_encode_mode is not one of the valid choices
[*] Exploit completed, but no session was created.
msf5 exploit([redacted]) >

Fixes #3353.

@smcintyre-r7 smcintyre-r7 self-assigned this Mar 10, 2020
smcintyre-r7
smcintyre-r7 approved these changes Mar 10, 2020
View reviewed changes
Copy link
Contributor

@smcintyre-r7 smcintyre-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I see this is a valid mode for Rex::Text.uri_encode which ultimately handles this.

I'll land this after a quick test.

@smcintyre-r7 smcintyre-r7 merged commit 5e1e6e6 into rapid7:master Mar 10, 2020
@smcintyre-r7
Copy link
Contributor

smcintyre-r7 commented Mar 10, 2020
edited by tperry-r7
Loading

Release Notes

Adds hex-noslashes as a valid mode for URI encoding. This takes advantage of existing functionality and exposes it to Framework users via the datastore options within the UI.

@wvu wvu deleted the bug/http branch March 10, 2020 19:34
@wvu
Copy link
Contributor Author

wvu commented Mar 10, 2020

Thanks!

@tperry-r7 tperry-r7 added the rn-fix release notes fix label Mar 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smcintyre-r7 smcintyre-r7 smcintyre-r7 approved these changes

Assignees

@smcintyre-r7 smcintyre-r7

Labels
bug easy library rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wvu @smcintyre-r7 @tperry-r7