rapid7/metasploit-framework

Showing 15,888 of 21,960 total issues

Method retrieve_original_settings has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def retrieve_original_settings
    res = send_request_cgi(
      {
        'uri' => normalize_uri(target_uri.path, 'api', 'json', 'admin', 'getServerSettings'),
        'method' => 'POST',

Method generate_shares has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate_shares(path)
    share_name = @share_name
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Severity: Minor
Found in modules/exploits/windows/http/sap_host_control_cmd_exec.rb - About 1 hr to fix

Method exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # Get the sessionID and siLockLongTermInstID
    print_status('[01/11] Get the sessionID and siLockLongTermInstID')
    populate_token_instid
    # Allow Remote Access and Create new sysAd
Severity: Minor
Found in modules/exploits/windows/http/moveit_cve_2023_34362.rb - About 1 hr to fix

Method build_properties_class has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def build_properties_class
    # Create the object
    object = Rex::Java::Serialization::Model::NewObject.new
    object.class_desc = Rex::Java::Serialization::Model::ClassDesc.new

Method generate_shares has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate_shares(path)
    share_name = datastore['SHARENAME']
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Severity: Minor
Found in modules/exploits/windows/browser/webdav_dll_hijacker.rb - About 1 hr to fix

Method process_get has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def process_get(cli, request)

    myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
    webdav = "\\\\#{myhost}\\"
Severity: Minor
Found in modules/exploits/windows/browser/webdav_dll_hijacker.rb - About 1 hr to fix

Method on_request_uri has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    return if ((p = regenerate_payload(cli)) == nil)

    print_status("Sending #{self.name}")
Severity: Minor
Found in modules/exploits/windows/browser/ms06_067_keyframe.rb - About 1 hr to fix

Method initialize has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute',
      'Description'    => %q{
          This module exploits a vulnerability in Symantec AppStream Client 5.x. The vulnerability
Severity: Minor
Found in modules/exploits/windows/browser/symantec_appstream_unsafe.rb - About 1 hr to fix

Method process_get has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def process_get(cli, request)
    myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
    webdav = "\\\\#{myhost}\\"

    if blacklisted_path?(request.uri)
Severity: Minor
Found in modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb - About 1 hr to fix

Method generate_shares has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate_shares(path)
    share_name = @share_name
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Severity: Minor
Found in modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb - About 1 hr to fix

Method exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit

    template = %Q|<?xml version="1.0" encoding="UTF-8"?>
<playlist version="1" xmlns="http://xspf.org/ns/0/" xmlns:vlc="http://www.videolan.org/vlc/playlist/ns/0/">
<title>Playlist</title>
Severity: Minor
Found in modules/exploits/windows/fileformat/vlc_smb_uri.rb - About 1 hr to fix

Method exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit

    peer = "#{rhost}:#{rport}"

    # Setup the necessary files to do the wbemexec trick
Severity: Minor
Found in modules/exploits/windows/misc/bigant_server_dupf_upload.rb - About 1 hr to fix

Method on_file_read has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_file_read(fname, file)
    f = open(file, 'rb')
    buf = f.read
    f.close
Severity: Minor
Found in modules/exploits/windows/fileformat/ms12_005.rb - About 1 hr to fix

Method exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    template = [
      "[Content_Types].xml",
      "_rels/.rels",
      "docProps/thumbnail.jpeg",
Severity: Minor
Found in modules/exploits/windows/fileformat/corelpdf_fusion_bof.rb - About 1 hr to fix

Method make_ttf has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def make_ttf
    ttf_data = ""

    # load the static ttf file
Severity: Minor
Found in modules/exploits/windows/fileformat/adobe_cooltype_sing.rb - About 1 hr to fix

Method generate_shares has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate_shares(path)
    share_name = datastore['SHARENAME']
%Q|
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>#{path}#{share_name}/</D:href>
Severity: Minor
Found in modules/exploits/windows/misc/vmhgfs_webdav_dll_sideload.rb - About 1 hr to fix

Method exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
Severity: Minor
Found in modules/exploits/linux/local/vcenter_java_wrapper_vmon_priv_esc.rb - About 1 hr to fix

Method exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
Severity: Minor
Found in modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb - About 1 hr to fix

Method exploit has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
Severity: Minor
Found in modules/exploits/linux/local/rds_rds_page_copy_user_priv_esc.rb - About 1 hr to fix

Method api_key has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def api_key
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'api/'),
      'vars_get' => {
Severity: Minor
Found in modules/exploits/linux/http/panos_op_cmd_exec.rb - About 1 hr to fix