Showing 7,361 of 22,177 total issues
Method run_host
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run_host(target_host)
begin
if datastore['PASSWORD'].empty?
password = Rex::Text::rand_text_alphanumeric(16)
else
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Generic HTTP Directory Traversal Utility',
'Description' => %q{
This module allows you to test if a web server (or web application) is
Method access_configuration
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def access_configuration
data = "<?xml version='1.0' encoding='UTF-8'?>" + "\r\n"
data << "<wsns0:Envelope" + "\r\n"
data << "xmlns:wsns1='http://www.w3.org/2001/XMLSchema-instance'" + "\r\n"
Method run_host
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def run_host(ip)
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'api')
})
Method do_login
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def do_login(user, pass)
vprint_status("Trying username:#{user.inspect} with password:#{pass.inspect}")
# some versions require we snag a CSRF token. So visit the logon portal
res = send_request_cgi('method' => 'GET', 'uri' => normalize_uri('/+CSCOE+/logon.html'))
Method do_fuzz_headers
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def do_fuzz_headers(form,headers)
headercnt = 0
datastr = ""
form[:fields].each do | thisfield |
normaldata = "blah&"
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'pfSense authenticated group member RCE',
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Dhclient Bash Environment Variable Injection (Shellshock)',
'Description' => %q|
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell
Method exploit
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
# Automatic Targeting
mytarget = nil
banner, version, alert = detect_version(target_uri.path)
if (target['auto'])
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Invision IP.Board unserialize() PHP Code Execution',
Method login
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def login(user, pass)
print_status("#{peer} - Authenticating with OpenMediaVault using credentials #{user}:#{pass}")
# try the login options for all OpenMediaVault versions
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'rpc.php'),
Method exec_php
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exec_php(php_code)
print_status('Retrieving session cookie')
res = send_request_cgi({
'method' => 'GET',
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'OpenMediaVault rpc.php Authenticated PHP Code Injection',
Method exploit
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
exts = ['jpg']
gext = exts[rand(exts.length)]
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info={})
super(update_info(info,
'Name' => "Apple Safari file:// Arbitrary Code Execution",
'Description' => %q{
This module exploits a vulnerability found in Apple Safari on OS X platform.
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Tomcat RCE via JSP Upload Bypass',
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'JetBrains TeamCity Unauthenticated Remote Code Execution',
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE',
Method initialize
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Moodle Authenticated Spelling Binary RCE',
Method exploit
has 52 lines of code (exceeds 25 allowed). Consider refactoring. Open
def exploit
# Get node_id for requests
node_id = get_node
fail_with(Failure::Unknown, 'Could not get a valid node id for the vBulletin install.') unless node_id