rapid7/metasploit-framework

modules/exploits/windows/http/solarwinds_storage_manager_sql.rb

Summary

Maintainability
B
4 hrs
Test Coverage

Method inject_exec has 47 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def inject_exec
    # This little lag is meant to ensure the TCP server runs first before the requests
    select(nil, nil, nil, 1)

    # Inject our JSP payload
Severity: Minor
Found in modules/exploits/windows/http/solarwinds_storage_manager_sql.rb - About 1 hr to fix

Method initialize has 43 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Solarwinds Storage Manager 5.1.0 SQL Injection",
      'Description'    => %q{
          This module exploits a SQL injection found in Solarwinds Storage Manager
Severity: Minor
Found in modules/exploits/windows/http/solarwinds_storage_manager_sql.rb - About 1 hr to fix

Method generate_jsp_payload has 30 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate_jsp_payload
    my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address("50.50.50.50") : datastore['SRVHOST']
    my_port = datastore['SRVPORT']

    # tmp folder = C:\Program Files\SolarWinds\Storage Manager Server\temp\
Severity: Minor
Found in modules/exploits/windows/http/solarwinds_storage_manager_sql.rb - About 1 hr to fix
