Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,831 of 21,886 total issues

Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
     'Name'          => 'Unix Command Shell, Bind TCP (via netcat)',
     'Description'   => 'Listen for a connection and spawn a command shell via netcat',
     'Author'         =>
Severity: Minor
Found in modules/payloads/singles/cmd/unix/bind_netcat.rb - About 1 hr to fix

    Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize
    super(
      'Name'           => 'DNS and DNSSEC Fuzzer',
      'Description'    => %q{
        This module will connect to a DNS server and perform DNS and
    Severity: Minor
    Found in modules/auxiliary/fuzzers/dns/dns_fuzzer.rb - About 1 hr to fix

      Method exploit has 28 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def exploit
    if (target.arch.include? ARCH_CMD)
      p = payload.encoded.gsub(/([$"])/) { |_m| "\\#{Regexp.last_match(1)}" }
      evil_lua = %{ os.execute("#{p} &") }
    else
      Severity: Minor
      Found in modules/exploits/unix/local/setuid_nmap.rb - About 1 hr to fix

        Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(
      merge_info(
        info,
        'Name' => 'Windows Shell, Reverse TCP (via jjs)',
        Severity: Minor
        Found in modules/payloads/singles/cmd/windows/jjs_reverse_tcp.rb - About 1 hr to fix

          Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Inject Reflective PE Files',
          Severity: Minor
          Found in modules/payloads/stages/windows/x64/peinject.rb - About 1 hr to fix

            Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Inject PE Files',
            Severity: Minor
            Found in modules/payloads/stages/windows/peinject.rb - About 1 hr to fix

              Method exploit has 28 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exploit
    cookie_string ||= authenticate
    unless cookie_string
      fail_with(Failure::NoAccess, 'Authentication failed')
    end
              Severity: Minor
              Found in modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb - About 1 hr to fix

                Method exploit has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def exploit

    # Upload
    @fname = "#{rand_text_alphanumeric(rand(10)+6)}.php"
    print_status("Uploading '#{@fname}' (#{payload.encoded.length} bytes)...")
                Severity: Minor
                Found in modules/exploits/unix/webapp/open_flash_chart_upload_exec.rb - About 1 hr to fix

                  Method trigger_xslt_transform has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def trigger_xslt_transform(jsid, text_value, cookie_string)
    return nil unless jsid && text_value

    exploit_endpoint = normalize_uri(target_uri.path, 'en-US', 'api', 'search', 'jobs', jsid, 'results')
    exploit_endpoint << "?xsl=/opt/splunk/var/run/splunk/dispatch/#{text_value}/#{datastore['RANDOM_FILENAME']}.xsl"
                  Severity: Minor
                  Found in modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb - About 1 hr to fix

                    Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'Maarch LetterBox Unrestricted File Upload',
      'Description'     => %q{
                    Severity: Minor
                    Found in modules/exploits/unix/webapp/maarch_letterbox_file_upload.rb - About 1 hr to fix

                      Method check has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def check
    a = nil

    version_paths.each do |u|
      vprint_status("Checking #{u}")
                      Severity: Minor
                      Found in modules/exploits/unix/webapp/jquery_file_upload.rb - About 1 hr to fix

                        Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Holding Pattern Theme Arbitrary File Upload',
      'Description'     => %q{
                        Severity: Minor
                        Found in modules/exploits/unix/webapp/wp_holding_pattern_file_upload.rb - About 1 hr to fix

                          Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(update_info(info,
      'Name'           => 'WordPress RevSlider File Upload and Execute Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload vulnerability in the
                          Severity: Minor
                          Found in modules/exploits/unix/webapp/wp_revslider_upload_execute.rb - About 1 hr to fix

                            Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Mac OS X "tpwn" Privilege Escalation',
      'Description'    => %q{
        This module exploits a null pointer dereference in XNU to escalate
                            Severity: Minor
                            Found in modules/exploits/osx/local/tpwn.rb - About 1 hr to fix

                              Method initialize has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(update_info(
      info,
      'Name'           => 'WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution',
      'Description'    => %q(
                              Severity: Minor
                              Found in modules/exploits/unix/webapp/wp_foxypress_upload.rb - About 1 hr to fix

                                Method exploit has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def exploit
    if is_root?
      fail_with Failure::BadConfig, 'Session already has root privileges'
    end
                                Severity: Minor
                                Found in modules/exploits/osx/local/rootpipe_entitlements.rb - About 1 hr to fix

                                  Method check has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def check
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, '/index.php'),
      'method' => 'GET'
    )
                                  Severity: Minor
                                  Found in modules/exploits/unix/webapp/zoneminder_lang_exec.rb - About 1 hr to fix

                                    Method choose_target has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def choose_target
    # If the user specified a target, use that one
    return self.target unless self.target.name =~ /Automatic/

    msearch =
                                    Severity: Minor
                                    Found in modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb - About 1 hr to fix

                                      Method exploit has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def exploit
    connect

    print_status('Performing handshake with gdbserver...')
    handshake
                                      Severity: Minor
                                      Found in modules/exploits/multi/gdb/gdb_server_exec.rb - About 1 hr to fix

                                        Method exploit has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def exploit
    print_status("Trying to execute arbitrary Java...")
    unless vulnerable?
      fail_with(Failure::Unknown, "#{peer} - Java has not been executed, aborting...")
    end
                                        Severity: Minor
                                        Found in modules/exploits/multi/elasticsearch/script_mvel_rce.rb - About 1 hr to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language