require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Nagios3 statuswml.cgi Ping Command Execution',
'Description' => %q{
This module abuses a metacharacter injection vulnerability in the
Nagios3 statuswml.cgi script. This flaw is triggered when shell
metacharacters are present in the parameters to the ping and
traceroute commands.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2009-2288' ],
[ 'OSVDB', '55281'],
],
'Platform' => ['unix'],
暂无评论