#
# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
###
# Exploit: http://www.justanotherhacker.com/advisories/jahx132.html
###
beef:
    module:
        firephp_code_exec:
            enable: true
            category: "Exploits"
            name: "Firephp 0.7.1 RCE"
            description: "Exploit FirePHP <= 0.7.1 to execute arbitrary JavaScript within the trusted 'chrome://' zone.<br/><br/>This module forces the browser to load '/firephp' on the BeEF server.<br/><br/>The payload is executed silently once the user moves the mouse over the array returned for 'http://[BeEF]/firephp' in Firebug.<br/><br/><b>Note:</b> Use msfpayload to generate JavaScript payloads. The default payload binds a shell on port 4444.<br/>See 'modules/exploits/firephp/payload.js'"
            authors: ["Wireghoul", "bcoles"]
            target:
                user_notify: ["FF"]
                not_working: ["All"]