Have exploit call check. Have check report_vuln

2014-12-15 09:53:11 -08:00 · 2014-12-15 09:53:11 -08:00 · 025c0771f8
parent f521e7d234
commit 025c0771f8
1 changed files with 10 additions and 1 deletions
--- a/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb
+++ b/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb
@ -81,7 +81,15 @@ class Metasploit3 < Msf::Exploit::Remote
      return Exploit::CheckCode::Unknown
    elsif res.code == 200 && /title="ActualAnalyzer Lite \(free\) (?<version>[\d\.]+)"/ =~ res.body
      vprint_status("#{peer} - Found version: #{version}")
-      return Exploit::CheckCode::Vulnerable if Gem::Version.new(version) <= Gem::Version.new('2.81')
+      if Gem::Version.new(version) <= Gem::Version.new('2.81')
+        report_vuln(
+          host: rhost,
+          name: self.name,
+          info: "Module #{fullname} detected ActualAnalyzer #{version}",
+          refs: references,
+        )
+        return Exploit::CheckCode::Vulnerable
+      end
      return Exploit::CheckCode::Detected
    elsif res.code == 200 && res.body =~ /ActualAnalyzer Lite/
      return Exploit::CheckCode::Detected
@ -235,6 +243,7 @@ class Metasploit3 < Msf::Exploit::Remote
  end

  def exploit
+    return unless check == Exploit::CheckCode::Vulnerable
    analytics_hosts = []
    if datastore['ANALYZER_HOST'].blank?
      analytics_hosts << get_analytics_host_code