Added handling for HTTP 401 (Authorization Required) response from target.
Added Exploit DB entries to references list. Minor change to description text for clarity.bug/bundler_fix
parent
db721dff8e
commit
02ace9218b
|
@ -31,8 +31,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
|
||||
Very early versions of Endian Firewall (e.g. 1.1 RC5) require
|
||||
HTTP basic auth credentials as well to exploit this vulnerability.
|
||||
Use the standard USERNAME and PASSWORD advanced options to specify
|
||||
these values if required.
|
||||
Use the USERNAME and PASSWORD advanced options to specify these values
|
||||
if required.
|
||||
|
||||
Versions >= 3.0.0 still contain the vulnerable code, but it appears to
|
||||
never be executed due to a bug in the vulnerable CGI script which also
|
||||
|
@ -58,7 +58,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
['CVE', '2015-5082'],
|
||||
['URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5082'],
|
||||
# ['OSVDB', ''],
|
||||
# ['EDB', ''],
|
||||
['EDB', '37426'],
|
||||
['EDB', '37428'],
|
||||
['URL', 'http://jira.endian.com/browse/COMMUNITY-136']
|
||||
],
|
||||
'Privileged' => false,
|
||||
|
@ -173,11 +174,19 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
'data' => data
|
||||
})
|
||||
|
||||
if res && res.code == 404
|
||||
if res
|
||||
if res.code == 401
|
||||
fail_with(Failure::NoAccess,
|
||||
"#{rhost}:#{rport} - Received a 401 HTTP response - " +
|
||||
"specify web admin credentials using the USERNAME " +
|
||||
"and PASSWORD advanced options to target this host.")
|
||||
end
|
||||
if res.code == 404
|
||||
fail_with(Failure::Unreachable,
|
||||
"#{rhost}:#{rport} - Received a 404 HTTP response - " +
|
||||
"your TARGETURI value is most likely not correct")
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue