modules/exploits/unix/http/xdebug_unauth_exec.rb from rapid7/metasploit-framework

modules/exploits/unix/http/xdebug_unauth_exec.rb

Summary

Maintainability

2 hrs

Test Coverage

Issues
Source
Stats

Method `initialize` has 35 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'xdebug Unauthenticated OS Command Execution',
      'Description' => %q{
       Module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below.

Found in modules/exploits/unix/http/xdebug_unauth_exec.rb - About 1 hr to fix

Method `exploit` has 34 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    payl = Rex::Text.encode_base64("#{payload.encoded}")
    cmd1 = "eval -i 1 -- " + Rex::Text.encode_base64("eval(base64_decode(\"#{payl}\"));") + "\x00"
    webserver = Thread.new do
    begin

Found in modules/exploits/unix/http/xdebug_unauth_exec.rb - About 1 hr to fix

rapid7/metasploit-framework

Summary

Maintainability

Test Coverage

Method `initialize` has 35 lines of code (exceeds 25 allowed). Consider refactoring.
Open

Method `exploit` has 34 lines of code (exceeds 25 allowed). Consider refactoring.
Open

There are no issues that match your filters.

Category

Status

rapid7/metasploit-framework

Summary

Maintainability

Test Coverage

Method initialize has 35 lines of code (exceeds 25 allowed). Consider refactoring. Open

Method exploit has 34 lines of code (exceeds 25 allowed). Consider refactoring. Open

There are no issues that match your filters.

Category

Status

Method `initialize` has 35 lines of code (exceeds 25 allowed). Consider refactoring.
Open

Method `exploit` has 34 lines of code (exceeds 25 allowed). Consider refactoring.
Open