My bb #3070

Closed
Contributor

Karmanovskii commented Mar 6, 2014

I moved the module to modules/auxiliary/gather/

Karmanovskii added some commits Feb 14, 2014

@Karmanovskii Karmanovskii Create myBB_GetTypeDB
This exploit allows you to specify the type of database of a MyBB forum.

Works because of the wrongly used REGEXP operator, which is not supported in PostgreSQL and SQLite databases.
f9f2c40
@Karmanovskii Karmanovskii Rename modules/exploits/multi/http/myBB_GetTypeDB to modules/auxiliary/analyse/myBB_GetTypeDB.rb

On the advice of "wvu-r7", moved the module.
81e89ea
@Karmanovskii Karmanovskii Rename modules/auxiliary/analyse/myBB_GetTypeDB.rb to modules/auxiliary/analyze/myBB_GetTypeDB.rb

Sorry again  :(
396ff8a
@Karmanovskii Karmanovskii Update and rename modules/auxiliary/analyze/myBB_GetTypeDB.rb to modules/auxiliary/gather/myBB_GetTypeDB.rb

Minor changes and a bug: "Msf::Auxiliary" - forgot to change
162527c

@wchen-r7 wchen-r7 and 1 other commented on an outdated diff Mar 6, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HttpClient
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'MyBB type database extractor',
+ 'Description' => %q{
+ This module exploits vulnerability in MyBB.
+ Provide type of database in forum
+ This affects versions <= 1.6.12
+ },
+ 'Author' =>
+ [
+ 'Arthur Karmanovskii', # Discovery
+ 'http://www.linkedin.com/pub/arthur-karmanovskii/82/923/812' # Metasploit Module
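Review bot: `Rank = ExcellentRanking` has no effect on an `Msf::Auxiliary` subclass, since ranking is an exploit-module concept; drop it. The `Description` should also say what the module actually does rather than "exploits vulnerability": it requests a forum page and infers the backend database engine from the error text in the response (the `NOT REGEXP` query echo for PostgreSQL, the `no such function: REGEXP` error for SQLite, as matched further down in the file), which is reconnaissance, not exploitation, and belongs in auxiliary/gather as the path already says.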
@wchen-r7

wchen-r7 Mar 6, 2014

Contributor

You put your name here :-) If you wish to promote your account (twitter/facebook/linkedin/website/etc), please leave that as a comment. Thanks.

@Karmanovskii

Karmanovskii Mar 6, 2014

Contributor

Ok :)

@wchen-r7 wchen-r7 commented on an outdated diff Mar 6, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
+ super(update_info(info,
+ 'Name' => 'MyBB type database extractor',
+ 'Description' => %q{
+ This module exploits vulnerability in MyBB.
+ Provide type of database in forum
+ This affects versions <= 1.6.12
+ },
+ 'Author' =>
+ [
+ 'Arthur Karmanovskii', # Discovery
+ 'http://www.linkedin.com/pub/arthur-karmanovskii/82/923/812' # Metasploit Module
+ ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ [ '0 - days', '2014-13-02' ]
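Review bot: `[ '0 - days', '2014-13-02' ]` is not a usable reference: the first element must be a known reference type (`CVE`, `OSVDB`, `BID`, `URL`, ...) so the framework can render it, and `2014-13-02` is not a valid date (there is no month 13; the `DisclosureDate` given elsewhere in this metadata says Feb 13 2014). If there is no external advisory, use `[ 'URL', '<pull request URL>' ]` as already suggested, and keep the disclosure date in one place.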
@wchen-r7

wchen-r7 Mar 6, 2014

Contributor

Do you have a valid reference? Maybe a blog you've written/published to explain about the issue. If you don't have any, please use:

['URL', 'hxxps://github.com/rapid7/metasploit-framework/pull/3070']

Which points to this pull request.

@wchen-r7 wchen-r7 commented on the diff Mar 6, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
+ [
+ [ '0 - days', '2014-13-02' ]
+ ],
+ 'Privileged' => false,
+ 'Platform' => ['php'],
+ 'Arch' => ARCH_PHP,
+ 'Targets' =>
+ [
+ [ 'Automatic', { } ],
+ ],
+ 'DefaultTarget' => 0,
+ 'DisclosureDate' => 'Feb 13 2014'))
+
+ register_options(
+ [
+ OptString.new('TARGETURI', [ true, "MyBB forum directory path", 'http://localhost/forum'])
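Review bot: `Privileged`, `Platform`, `Arch`, `Targets` and `DefaultTarget` are exploit-module metadata and mean nothing in an auxiliary module; remove them. `TARGETURI` must be a path (`'/forum'`), not `'http://localhost/forum'`: the HttpClient mixin connects to RHOST:RPORT (over SSL if set) and `normalize_uri(target_uri.path, ...)` uses only the path component, so the scheme and host in the default are silently ignored and mislead the user into thinking they select the target.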
@wchen-r7

wchen-r7 Mar 6, 2014

Contributor

Just /forum

@Karmanovskii

Karmanovskii Mar 7, 2014

Contributor

Sorry?

@jvazquez-r7

jvazquez-r7 Mar 28, 2014

Contributor

@wchen-r7 is asking to do something like:

OptString.new('TARGETURI', [ true, "MyBB forum directory path", '/forum'])

@wchen-r7 wchen-r7 commented on the diff Mar 6, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
+ ], self.class)
+ end
+
+ def check
+ begin
+ print_status("URI: #{datastore['TARGETURI']}")
+ uri = normalize_uri(target_uri.path, '/index.php')
+ res = send_request_raw(
+ {
+ 'method' => 'GET',
+ 'uri' => uri,
+ 'headers' =>
+ {
+ 'Accept' => 'text/html, application/xhtml+xml, */*',
+ 'Accept-Language' => 'ru-RU',
+ 'User-Agent' => 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
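Review bot: `res = send_request_raw(...)` returns `nil` when the host does not answer or the connection fails, and the later `if res.code != 200` (visible in the msftidy output below) dereferences it unguarded, so a dead host turns into a `NoMethodError` instead of `CheckCode::Unknown`; test `if res.nil?` first and return `Unknown`. `print_status("URI: ...")` inside `check` is noise in scan output; make it `vprint_status`.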
@wchen-r7

wchen-r7 Mar 6, 2014

Contributor

There is already a default one.

@wchen-r7 wchen-r7 commented on the diff Mar 6, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
+ OptString.new('TARGETURI', [ true, "MyBB forum directory path", 'http://localhost/forum'])
+ ], self.class)
+ end
+
+ def check
+ begin
+ print_status("URI: #{datastore['TARGETURI']}")
+ uri = normalize_uri(target_uri.path, '/index.php')
+ res = send_request_raw(
+ {
+ 'method' => 'GET',
+ 'uri' => uri,
+ 'headers' =>
+ {
+ 'Accept' => 'text/html, application/xhtml+xml, */*',
+ 'Accept-Language' => 'ru-RU',
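Review bot: the hand-built headers duplicate what the mixin already sends: `User-Agent` comes from the `UserAgent` option, and `Accept-Language: ru-RU` plays no part in the detection; it only makes every request from this module look the same and may cause a localized page to be served, which makes the body match less predictable. Drop the explicit headers and use `send_request_cgi` so the framework's defaults (and any proxy/SSL settings) apply.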
@wchen-r7

wchen-r7 Mar 6, 2014

Contributor

It has to be Russian?

@Karmanovskii

Karmanovskii Mar 6, 2014

Contributor

Any.

I wanted the header to be identical to a real browser's.

wvu-r7 referenced this pull request Mar 6, 2014

Closed

Create myBB_GetTypeDB #2993

Karmanovskii added some commits Mar 7, 2014

@Karmanovskii Karmanovskii Update myBB_GetTypeDB.rb
1. I added a comment header;
2. I made a link to your account as a comment;
3. I added a link to rapid7#3070.
Items 2 and 3 on the advice of wchen-r7
6d748f4
@Karmanovskii Karmanovskii Update myBB_GetTypeDB.rb
I have added MyBB forum detection.
0b51e74

@jvazquez-r7 jvazquez-r7 commented on the diff Mar 28, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
@@ -0,0 +1,133 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+class Metasploit3 < Msf::Auxiliary
+ Rank = ExcellentRanking
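Review bot: the license header URL is missing its colon: `http//metasploit.com/download` should be `http://metasploit.com/download`, matching the standard header in the other modules. The `Rank` line is dead in an auxiliary module, as already noted.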
@jvazquez-r7

jvazquez-r7 Mar 28, 2014

Contributor

Auxiliary modules don't use Rank; it can be deleted.

@jvazquez-r7 jvazquez-r7 commented on the diff Mar 28, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
@@ -0,0 +1,133 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+class Metasploit3 < Msf::Auxiliary
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HttpClient
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'MyBB type database extractor',
+ 'Description' => %q{
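Review bot: the `Description` should give a reviewer enough to verify the claim: which request is sent, which strings in the response body identify PostgreSQL and SQLite (the `NOT REGEXP` query echo and the `no such function: REGEXP` error that the module matches further down, per the msftidy output), and why MySQL cannot be told apart from a non-MyBB site. "Provide type of database in forum" does not tell the user what will be printed or what the result means.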
@jvazquez-r7

jvazquez-r7 Mar 28, 2014

Contributor

Do you mind explaining a little bit better? This description is a little bit confusing.

@todb-r7

todb-r7 Mar 28, 2014

Contributor

I agree this is not helpful.

@jvazquez-r7 jvazquez-r7 commented on the diff Mar 28, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
+ super(update_info(info,
+ 'Name' => 'MyBB type database extractor',
+ 'Description' => %q{
+ This module exploits vulnerability in MyBB.
+ Provide type of database in forum
+ This affects versions <= 1.6.12
+ },
+ 'Author' =>
+ [
+ # http://www.linkedin.com/pub/arthur-karmanovskii/82/923/812
+ 'Arthur Karmanovskii <fnsnic[at]gmail.com>' # Discovery and Metasploit Module
+ ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ [ 'URL', 'https://github.com/rapid7/metasploit-framework/pull/3070' ]
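Review bot: "This affects versions <= 1.6.12" is stated without support: the only reference is this pull request, so say how the range was established (which versions were tested) or narrow the claim to the version actually tested. The linkedin URL comment above the author string also mixes tabs and spaces (msftidy flags it at line 22); indent it with two spaces like the rest of the array.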
@jvazquez-r7

jvazquez-r7 Mar 28, 2014

Contributor

Honestly, references are designed more for external references: live vulnerability identifiers, a blog explaining the vulnerability and/or exploitation, etc. Any other references?

@Karmanovskii

Karmanovskii Mar 28, 2014

Contributor

Unfortunately I do not have a blog. What do you advise me?

@todb-r7

todb-r7 Mar 28, 2014

Contributor

Is this an undisclosed vulnerability? Are you the discoverer? If so, then the pull request reference is appropriate because that represents the first public disclosure. Otherwise, an OSVDB or BID or CVE reference is more appropriate.

Dropping 0day on Metasploit's pull queue is unusual which is why @jvazquez-r7 was asking, I'm sure.

@Karmanovskii

Karmanovskii Mar 28, 2014

Contributor

Yes, I am the discoverer and it is a 0-day.

Contributor

jvazquez-r7 commented Mar 28, 2014

Module name should be lowercase and snake_case: mybb_get_type_db.rb

Contributor

jvazquez-r7 commented Mar 28, 2014

Module doesn't pass msftidy; it should pass:

$ tools/msftidy.rb modules/auxiliary/gather/myBB_GetTypeDB.rb
modules/auxiliary/gather/myBB_GetTypeDB.rb - [WARNING] Suspect capitalization in module title: 'type'
modules/auxiliary/gather/myBB_GetTypeDB.rb - [WARNING] Suspect capitalization in module title: 'database'
modules/auxiliary/gather/myBB_GetTypeDB.rb - [WARNING] Suspect capitalization in module title: 'extractor'
modules/auxiliary/gather/myBB_GetTypeDB.rb:22 - [WARNING] Space-Tab mixed indent: "\t\t  # http://www.linkedin.com/pub/arthur-karmanovskii/82/923/812\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:22 - [WARNING] Tabbed indent: "\t\t  # http://www.linkedin.com/pub/arthur-karmanovskii/82/923/812\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:23 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:48 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:48 - [WARNING] Tabbed indent: "\t\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:49 - [WARNING] Space-Tab mixed indent: "\t\t uri = normalize_uri(target_uri.path, '/index.php?intcheck=1')\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:49 - [WARNING] Tabbed indent: "\t\t uri = normalize_uri(target_uri.path, '/index.php?intcheck=1')\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:50 - [WARNING] Space-Tab mixed indent: "\t\t nclient = Rex::Proto::Http::Client.new(datastore['RHOST'], datastore['RPORT'],\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:50 - [WARNING] Tabbed indent: "\t\t nclient = Rex::Proto::Http::Client.new(datastore['RHOST'], datastore['RPORT'],\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:51 - [WARNING] Space-Tab mixed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t   {\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:51 - [WARNING] Tabbed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t   {\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:52 - [WARNING] Space-Tab mixed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t 'Msf'        => framework,\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:52 - [WARNING] Tabbed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t 'Msf'        => framework,\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:53 - [WARNING] Space-Tab mixed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t 'MsfExploit' => self,\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:53 - [WARNING] Tabbed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t 'MsfExploit' => self,\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:54 - [WARNING] Space-Tab mixed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t   })\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:54 - [WARNING] Tabbed indent: "\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t   })\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:55 - [WARNING] Space-Tab mixed indent: "\t\t req = nclient.request_raw({\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:55 - [WARNING] Tabbed indent: "\t\t req = nclient.request_raw({\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:56 - [WARNING] Space-Tab mixed indent: "\t\t\t\t\t\t\t\t   'uri'     => uri,\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:56 - [WARNING] Tabbed indent: "\t\t\t\t\t\t\t\t   'uri'     => uri,\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:57 - [WARNING] Space-Tab mixed indent: "\t\t\t\t\t\t\t\t   'method'  => 'GET',})\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:57 - [WARNING] Tabbed indent: "\t\t\t\t\t\t\t\t   'method'  => 'GET',})\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:58 - [WARNING] Space-Tab mixed indent: "\t\t if (req)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:58 - [WARNING] Tabbed indent: "\t\t if (req)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:59 - [WARNING] Space-Tab mixed indent: "\t\t\t res = nclient.send_recv(req, 1024)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:59 - [WARNING] Tabbed indent: "\t\t\t res = nclient.send_recv(req, 1024)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:60 - [WARNING] Space-Tab mixed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:60 - [WARNING] Tabbed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:61 - [WARNING] Space-Tab mixed indent: "\t\t\t print_status(\"Error: \#{datastore['RHOST']}:\#{datastore['RPORT']} did not respond on.\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:61 - [WARNING] Tabbed indent: "\t\t\t print_status(\"Error: \#{datastore['RHOST']}:\#{datastore['RPORT']} did not respond on.\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:62 - [WARNING] Space-Tab mixed indent: "\t\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:62 - [WARNING] Tabbed indent: "\t\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:63 - [WARNING] Space-Tab mixed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:63 - [WARNING] Tabbed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:64 - [WARNING] Space-Tab mixed indent: "\t\t if res.code != 200\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:64 - [WARNING] Tabbed indent: "\t\t if res.code != 200\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:65 - [WARNING] Space-Tab mixed indent: "\t\t\t print_error(\"Unable to query to host:  \#{datastore['RHOST']}:\#{datastore['RPORT']}  (\#{datastore['TARGETURI']}).\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:65 - [WARNING] Tabbed indent: "\t\t\t print_error(\"Unable to query to host:  \#{datastore['RHOST']}:\#{datastore['RPORT']}  (\#{datastore['TARGETURI']}).\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:66 - [WARNING] Space-Tab mixed indent: "\t\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:66 - [WARNING] Tabbed indent: "\t\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:67 - [WARNING] Space-Tab mixed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:67 - [WARNING] Tabbed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:68 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:68 - [WARNING] Tabbed indent: "\t\t\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:69 - [WARNING] Space-Tab mixed indent: "\t\t #Check PhP\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:69 - [WARNING] Tabbed indent: "\t\t #Check PhP\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:70 - [WARNING] Space-Tab mixed indent: "\t\t php_version = res['X-Powered-By']\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:70 - [WARNING] Tabbed indent: "\t\t php_version = res['X-Powered-By']\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:71 - [WARNING] Space-Tab mixed indent: "\t\t if php_version\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:71 - [WARNING] Tabbed indent: "\t\t if php_version\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:72 - [WARNING] Space-Tab mixed indent: "\t\t\t php_version = \" PHP Version: \#{php_version}\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:72 - [WARNING] Tabbed indent: "\t\t\t php_version = \" PHP Version: \#{php_version}\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:73 - [WARNING] Space-Tab mixed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:73 - [WARNING] Tabbed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:74 - [WARNING] Space-Tab mixed indent: "\t\t\t php_version = \" PHP Version: unknown\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:74 - [WARNING] Tabbed indent: "\t\t\t php_version = \" PHP Version: unknown\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:75 - [WARNING] Space-Tab mixed indent: "\t\t\t #return Exploit::CheckCode::Unknown  # necessary ????\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:75 - [WARNING] Tabbed indent: "\t\t\t #return Exploit::CheckCode::Unknown  # necessary ????\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:76 - [WARNING] Space-Tab mixed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:76 - [WARNING] Tabbed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:77 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:77 - [WARNING] Tabbed indent: "\t\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:78 - [WARNING] Space-Tab mixed indent: "\t\t #Check Web-Server\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:78 - [WARNING] Tabbed indent: "\t\t #Check Web-Server\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:79 - [WARNING] Space-Tab mixed indent: "\t\t _Version_server = res['Server']\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:79 - [WARNING] Tabbed indent: "\t\t _Version_server = res['Server']\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:80 - [WARNING] Space-Tab mixed indent: "\t\t if _Version_server\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:80 - [WARNING] Tabbed indent: "\t\t if _Version_server\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:81 - [WARNING] Space-Tab mixed indent: "\t\t _Version_server = \" Server Version: \#{_Version_server}\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:81 - [WARNING] Tabbed indent: "\t\t _Version_server = \" Server Version: \#{_Version_server}\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:82 - [WARNING] Space-Tab mixed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:82 - [WARNING] Tabbed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:83 - [WARNING] Space-Tab mixed indent: "\t\t _Version_server = \" Server Version: unknown\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:83 - [WARNING] Tabbed indent: "\t\t _Version_server = \" Server Version: unknown\".ljust(40)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:84 - [WARNING] Space-Tab mixed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:84 - [WARNING] Tabbed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:85 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:85 - [WARNING] Space-Tab mixed indent: "\t\t \n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:85 - [WARNING] Tabbed indent: "\t\t \n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:86 - [WARNING] Space-Tab mixed indent: "\t\t #Check forum MyBB\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:86 - [WARNING] Tabbed indent: "\t\t #Check forum MyBB\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:87 - [WARNING] Space-Tab mixed indent: "\t\t if res.body.match(\"&#077;&#089;&#066;&#066;\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:87 - [WARNING] Tabbed indent: "\t\t if res.body.match(\"&#077;&#089;&#066;&#066;\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:88 - [WARNING] Space-Tab mixed indent: "\t\t\t print_good(\"Congratulations! This forum is MyBB :) \"+\"HOST: \"+datastore['RHOST'].ljust(15)+php_version+_Version_server)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:88 - [WARNING] Tabbed indent: "\t\t\t print_good(\"Congratulations! This forum is MyBB :) \"+\"HOST: \"+datastore['RHOST'].ljust(15)+php_version+_Version_server)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:89 - [WARNING] Space-Tab mixed indent: "\t\t\t return Exploit::CheckCode::Detected\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:89 - [WARNING] Tabbed indent: "\t\t\t return Exploit::CheckCode::Detected\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:90 - [WARNING] Space-Tab mixed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:90 - [WARNING] Tabbed indent: "\t\t else\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:91 - [WARNING] Space-Tab mixed indent: "\t\t\t print_status(\"This forum is not guaranteed to be MyBB\"+\"HOST: \"+datastore['RHOST'].ljust(15)+php_version+_Version_server)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:91 - [WARNING] Tabbed indent: "\t\t\t print_status(\"This forum is not guaranteed to be MyBB\"+\"HOST: \"+datastore['RHOST'].ljust(15)+php_version+_Version_server)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:92 - [WARNING] Space-Tab mixed indent: "\t\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:92 - [WARNING] Tabbed indent: "\t\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:93 - [WARNING] Space-Tab mixed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:93 - [WARNING] Tabbed indent: "\t\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:94 - [WARNING] Space-Tab mixed indent: "\t rescue RuntimeError => err\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:94 - [WARNING] Tabbed indent: "\t rescue RuntimeError => err\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:95 - [WARNING] Space-Tab mixed indent: "\t\t print_error(\"Unhandled error in \#{datastore['RHOST']}: \#{err.class}: \#{err}\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:95 - [WARNING] Tabbed indent: "\t\t print_error(\"Unhandled error in \#{datastore['RHOST']}: \#{err.class}: \#{err}\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:96 - [WARNING] Space-Tab mixed indent: "\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:96 - [WARNING] Tabbed indent: "\t\t return Exploit::CheckCode::Unknown\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:97 - [WARNING] Space-Tab mixed indent: "\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:97 - [WARNING] Tabbed indent: "\t end\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:101 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:101 - [WARNING] Tabbed indent: "\t\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:102 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:102 - [WARNING] Tabbed indent: "\t\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:110 - [WARNING] Space-Tab mixed indent: "\t\t\t 'headers' =>\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:110 - [WARNING] Tabbed indent: "\t\t\t 'headers' =>\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:111 - [WARNING] Space-Tab mixed indent: "\t\t\t  {\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:111 - [WARNING] Tabbed indent: "\t\t\t  {\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:112 - [WARNING] Tabbed indent: "\t\t\t\t'Accept' => 'text/html, application/xhtml+xml, */*',\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:113 - [WARNING] Tabbed indent: "\t\t\t\t'Accept-Language' => 'ru-RU',\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:114 - [WARNING] Tabbed indent: "\t\t\t\t'User-Agent' => 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:115 - [WARNING] Tabbed indent: "\t\t\t\t'Accept-Encoding' => 'gzip, deflate',\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:116 - [WARNING] Tabbed indent: "\t\t\t\t'Connection' => 'Close',\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:117 - [WARNING] Tabbed indent: "\t\t\t\t'Cookie' => \"mybb[lastvisit]=\"+Time.now.to_i.to_s+\"; mybb[lastactive]=\"+Time.now.to_i.to_s+\"; loginattempts=1\"\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:118 - [WARNING] Space-Tab mixed indent: "\t\t\t  }\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:118 - [WARNING] Tabbed indent: "\t\t\t  }\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:123 - [WARNING] Tabbed indent: "\t#Resolve response\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:124 - [WARNING] Tabbed indent: "\tif response.body.match(/SELECT COUNT\\(\\*\\) AS users FROM mybb_users u WHERE 1=1 AND u.username NOT REGEXP\\(\\'\\[a-zA-Z\\]\\'\\)/)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:125 - [WARNING] Space-Tab mixed indent: "\t  print_good(\"Database is: PostgreSQL ;)\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:125 - [WARNING] Tabbed indent: "\t  print_good(\"Database is: PostgreSQL ;)\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:126 - [WARNING] Tabbed indent: "\telsif response.body.match(/General error\\: 1 no such function\\: REGEXP/)\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:127 - [WARNING] Space-Tab mixed indent: "\t  print_good(\"Database is: SQLite ;)\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:127 - [WARNING] Tabbed indent: "\t  print_good(\"Database is: SQLite ;)\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:128 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:128 - [WARNING] Tabbed indent: "\telse \n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:129 - [WARNING] Space-Tab mixed indent: "\t  print_status(\"Database MySQL or this is not forum MyBB or unknown Database\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:129 - [WARNING] Tabbed indent: "\t  print_status(\"Database MySQL or this is not forum MyBB or unknown Database\")\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb:130 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:131 - [WARNING] Spaces at EOL
modules/auxiliary/gather/myBB_GetTypeDB.rb:131 - [WARNING] Tabbed indent: "\t\n"
modules/auxiliary/gather/myBB_GetTypeDB.rb - [WARNING] Filenames should be alphanum and snake case.

@jvazquez-r7 jvazquez-r7 commented on the diff Mar 28, 2014

modules/auxiliary/gather/myBB_GetTypeDB.rb
+ if res.code != 200
+ print_error("Unable to query to host: #{datastore['RHOST']}:#{datastore['RPORT']} (#{datastore['TARGETURI']}).")
+ return Exploit::CheckCode::Unknown
+ end
+
+ #Check PhP
+ php_version = res['X-Powered-By']
+ if php_version
+ php_version = " PHP Version: #{php_version}".ljust(40)
+ else
+ php_version = " PHP Version: unknown".ljust(40)
+ #return Exploit::CheckCode::Unknown # necessary ????
+ end
+
+ #Check Web-Server
+ _Version_server = res['Server']
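Review bot: `_Version_server` breaks Ruby naming conventions (a leading underscore marks an unused variable and capitals are for constants); `server_version` fits. Delete the commented-out `#return Exploit::CheckCode::Unknown # necessary ????` rather than shipping an open question: a missing `X-Powered-By` header is normal on hardened hosts (PHP's `expose_php` is often disabled) and must not change the check result. Treating every non-200 as "Unable to query" is also too strict: a redirect from `/index.php` under TARGETURI to a canonical URL will be reported as a failure; either follow the redirect or say so in the message.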
@jvazquez-r7

jvazquez-r7 Mar 28, 2014

Contributor

Please use Ruby Style Guide recommendation for variable names: https://github.com/bbatsov/ruby-style-guide

Contributor

todb-r7 commented Mar 28, 2014

@Karmanovskii I understand you don't write a lot of ruby (probably none), but I'm expecting that this module needs a pretty huge rewrite in order to conform to the standards of the Ruby style guide (above) as well as the notes in https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md

If this is an 0day disclosure, you probably should have alerted the vendor before disclosing here, as well. Given that, though, I won't close this PR out from under you. But do figure out how to set your editor to use normal Ruby soft tabs (2-space tabs, not hard tabs), name your file correctly (case is a problem on Windows and OSX), and name your variables correctly, at a minimum. Otherwise, it's impossible to review and land your contribution.

Contributor

todb-r7 commented Mar 28, 2014

Wait, this is an aux module, not an exploit. I'm not seeing the 0day mainly because the description is nonsense and the print_* messages don't really describe much. I'm closing this. Sorry it didn't work out.

todb-r7 closed this Mar 28, 2014

Contributor

todb-r7 commented Mar 28, 2014

If you'd like to continue with this effort you are welcome to but given the whitespace changes, you will end up changing every line anyway, so you may as well open a new PR when you are ready. Thanks!

Contributor

Karmanovskii commented Apr 26, 2014

Continuation, see: #3190
