Showing 7,361 of 22,177 total issues
Method wp_cleanup
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def wp_cleanup(shell_name, post_id, cookie)
print_status('Attempting to clean up files...')
uri = normalize_uri(datastore['TARGETURI'], 'wp-admin', 'admin-ajax.php')
res = send_request_cgi(
'method' => 'POST',
Method execute_command
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def execute_command(cmd, _opts = {})
uri = target_uri.path
job_name = datastore['JOB_NAME'] == '' ? Rex::Text.rand_text_alpha(5..10) : datastore['JOB_NAME']
print_status("Creating job '#{job_name}'")
Method req_teamcity_8
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def req_teamcity_8(script_content)
build_id = Rex::Text.rand_text_numeric(8)
xml_payload = %(
<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
Method exploit
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
# Validate that we can actually do things before we bother
# doing any more work
check_permissions!
Method exploit
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
commspec = '%COMSPEC%'
registry_view = REGISTRY_VIEW_NATIVE
psh_path = '%WINDIR%\\System32\\WindowsPowershell\\v1.0\\powershell.exe'
Method check
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def check
target_check_results = adaudit_plus_target_check
target_check_msg = target_check_results['message']
case target_check_results['status']
when adaudit_plus_status::CONNECTION_FAILED
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow',
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(update_info(info,
'Name' => 'HP AutoPass License Server File Upload',
'Description' => %q{
This module exploits a code execution flaw in HP AutoPass License Server. It abuses two
Method on_request_uri
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def on_request_uri(cli, request)
if request.uri =~ /\.exe$/
return if ((p = regenerate_payload(cli)) == nil)
register_file_for_cleanup("#{@stage_name}") unless @dropped_files and @dropped_files.include?("#{@stage_name}")
Method make_pdf
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def make_pdf(u3d_stream, js_doc, js_pg1)
xref = []
eol = "\x0a"
obj_end = "" << eol << "endobj" << eol
Method exploit
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
nop = "\x42"
junk = 'ABC'.split('').sample #junk must specifically static (A, B, and C only)
buffer = ""
buffer << junk * target['Offset']
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'VMware vCenter Server Analytics (CEIP) Service File Upload',
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Apache Spark Unauthenticated Command Injection RCE',
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection',
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Chaos RAT XSS to RCE',
Method initialize
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info = {})
super(update_info(info,
'Name' => 'Samba is_known_pipename() Arbitrary Module Load',
'Description' => %q{
This module triggers an arbitrary shared library load vulnerability
Method exploit
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exploit
opts = ssh_client_defaults.merge({
auth_methods: ['keyboard-interactive'],
port: rport,
password: password
Method exist_and_supported
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def exist_and_supported
case session.platform
when 'linux'
user = session.shell_command('whoami')
print_status("Current user is #{user}")
Method run
has 70 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def run
opt = {}
opt['PADDING'] = datastore['PADDING'] if datastore['PADDING']
opt['FC'] = datastore['FC'] if datastore['FC']
pids = get_current_data_pids(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'], opt)