Modify check to use Nokogiri

2015-10-23 14:29:16 -05:00 · 2015-10-23 14:29:16 -05:00 · 3c961f61a7
parent 6f02cedff8
commit 3c961f61a7
1 changed files with 19 additions and 3 deletions
--- a/modules/exploits/multi/http/uptime_code_exec.rb
+++ b/modules/exploits/multi/http/uptime_code_exec.rb
@ -4,7 +4,10 @@
 ##

 require 'msf/core'
+require 'nokogiri'
+
 class Metasploit4 < Msf::Exploit::Remote
+
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::PhpEXE

@ -50,17 +53,30 @@ class Metasploit4 < Msf::Exploit::Remote
        OptString.new('PASSWORD', [true, 'The password to authenticate with', 'sample'])
      ], self.class)
  end
+
  # Application Check
  def check
    res = send_request_cgi(
      'method' => 'GET',
      'uri'    => normalize_uri(target_uri.path)
    )
-    vprint_status("#{peer} - Checking version...")

-    if res && res.code == 200 && (res.body.include?('up.time 7.5.0') || res.body.include?('up.time 7.4.0'))
-      return Exploit::CheckCode::Appears
+    unless res
+      vprint_error("Connection timed out.")
+      return Exploit::CheckCode::Unknown
    end
+
+    n = Nokogiri::HTML(res.body)
+    uptime_text = n.at('//ul[@id="uptimeInfo"]//li[contains(text(), "up.time")]')
+
+    if uptime_text
+      version = uptime_text.text.scan(/up\.time ([\d\.]+)/i).flatten.first
+      vprint_status("Found version: #{version}")
+      if version >= '7.4.0' && version <= '7.5.0'
+        return Exploit::CheckCode::Appears
+      end
+    end
+
    Exploit::CheckCode::Safe
  end