modules/exploits/windows/http/solarwinds_storage_manager_sql.rb
Method inject_exec
has 47 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def inject_exec
# This little lag is meant to ensure the TCP server runs first before the requests
select(nil, nil, nil, 1)
# Inject our JSP payload
Method initialize
has 43 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def initialize(info={})
super(update_info(info,
'Name' => "Solarwinds Storage Manager 5.1.0 SQL Injection",
'Description' => %q{
This module exploits a SQL injection found in Solarwinds Storage Manager
Method generate_jsp_payload
has 30 lines of code (exceeds 25 allowed). Consider refactoring. Open
Open
def generate_jsp_payload
my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address("50.50.50.50") : datastore['SRVHOST']
my_port = datastore['SRVPORT']
# tmp folder = C:\Program Files\SolarWinds\Storage Manager Server\temp\