Showing 15,888 of 21,960 total issues
Method run
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
print_status("Checking MyBB...")
unless check == Exploit::CheckCode::Detected
print_error("MyBB not found")
return
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize
super(
'Name' => 'JVC/Siemens/Vanderbilt IP-Camera Readfile Password Disclosure',
'Description' => %q{
SIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU),
Method bypass_auth
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def bypass_auth(token, usr, pwd)
d = {
'userName' => usr,
'password' => pwd,
'roleName' => 'global-admin'
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read',
'Description' => %q{
Joomla versions 3.2.2 and below are vulnerable to an unauthenticated SQL injection
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Microsoft SQL Server Command Execution',
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Microsoft SQL Server NTLM Stealer',
'Description' => %q{
This module can be used to help capture or relay the LM/NTLM credentials of the
Method run
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
if session
set_mssql_session(session.client)
else
unless mssql_login_datastore
Method auth_v10
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def auth_v10
# step 1: get a JSESSIONID cookie and the server Date header
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'fm/'),
'method' => 'GET'
Method try_autodetect_patterns
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def try_autodetect_patterns
print_status('Trying to automatically determine Pattern1 and Pattern2...')
begin
res = send_request_cgi({
'method' => 'POST',
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'SAP ConfigServlet OS Command Execution',
'Description' => %q{
This module allows execution of operating system commands through the SAP
Method authenticate
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def authenticate
res = send_request_cgi({
'uri' => normalize_uri(datastore['TARGETURI'], 'userSession.do'),
'method' => 'POST',
'vars_post' => {
Method action_remove
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def action_remove
message = { name: 'DeleteUser' }
message[:data] = Nokogiri::XML(<<-ENVELOPE, nil, nil, Nokogiri::XML::ParseOptions::NOBLANKS).root.to_xml(indent: 0, save_with: 0)
<root>
<username secure="true">#{datastore['USERNAME'].encode(xml: :text)}</username>
Method run_host
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run_host(_ip)
tmpfile = Rex::Text.rand_text_alphanumeric(20) # Store the base64 encoded traversal data in a hard-to-brute filename, just in case.
print_status("Attempting to connect to #{rhost}:#{rport}")
res = send_request_raw(
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'WordPress Symposium Plugin SQL Injection',
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize
super(
'Name' => 'Katello (Red Hat Satellite) users/update_roles Missing Authorization',
'Description' => %q{
This module exploits a missing authorization vulnerability in the
Method run
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
if check_filename(datastore['filepath'])
file = nil
if datastore['TRAVERSAL_PATH'].nil?
traversal_size = datastore['MAX_TRAVERSAL']
Method run
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
return if not check_dependencies
name1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
name2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
Method run
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run
if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success
vm_ref = vim_find_vm_by_name(datastore['VM'])
case vm_ref
Method initialize
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability',
'Description' => %q{
This module exploits an authentication bypass vulnerability
Method pub_subnet
has 26 lines of code (exceeds 25 allowed). Consider refactoring. Open
def pub_subnet(creds, vpc_id)
# First look for subnets that are configured to provision a public IP when instances are launched
action = 'DescribeSubnets'
doc = call_ec2(creds, 'Action' => action)
doc = print_results(doc, action)