infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Orientdb 2.2.x RCE - Fix regular expression for version detection

bug/bundler_fix
Ricardo Almeida 2017-07-26 14:35:05 +01:00
parent 30664924c8
commit 4845b4b1fa
No known key found for this signature in database
GPG Key ID: E44BDAD000B9B1E0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/exploits/multi/http/orientdb_exec.rb
View File

@ -52,7 +52,7 @@ class MetasploitModule < Msf::Exploit::Remote
uri = target_uri uri = target_uri
uri.path = normalize_uri(uri.path) uri.path = normalize_uri(uri.path)
res = send_request_raw({'uri' => "#{uri.path}listDatabases"}) res = send_request_raw({'uri' => "#{uri.path}listDatabases"})
if res and res.code == 200 and res.headers['Server'] =~ /OrientDB Server v\.2\.2\.[2-9]|1[0-9]|2[0-2]/ if res and res.code == 200 and res.headers['Server'] =~ /OrientDB Server v\.2\.2\./
print_good("Version: #{res.headers['Server']}") print_good("Version: #{res.headers['Server']}")
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
else else