From 5524e9aae220057846f174df5c18cbca8e645e3a Mon Sep 17 00:00:00 2001
From: et <>
Date: Mon, 19 Oct 2009 00:02:54 +0000
Subject: [PATCH] Fixed #370. Test if uploaded file exists
git-svn-id: file:///home/svn/framework3/trunk@7203 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/auxiliary/scanner/http/writable.rb | 33 ++++++++++++++++++++--
 1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/modules/auxiliary/scanner/http/writable.rb b/modules/auxiliary/scanner/http/writable.rb
index 9bdd67a42b..8df0b6641b 100644
--- a/modules/auxiliary/scanner/http/writable.rb
+++ b/modules/auxiliary/scanner/http/writable.rb
@@ -66,15 +66,42 @@ class Metasploit3 < Msf::Auxiliary
 return if not res
 if (res and res.code >= 200 and res.code < 300)
- print_status("Upload succeeded on #{wmap_base_url}#{datastore['PATH']} [#{res.code}]")
+
+ #
+ # Detect if file was really uploaded
+ #
+
+ begin
+ res = send_request_cgi({
+ 'uri' => datastore['PATH'],
+ 'method' => 'GET',
+ 'ctype' => 'text/html'
+ }, 20)
+
+ return if not res
+
+ tcode = res.code.to_i
+
+ if res and (tcode >= 200 and tcode <= 299)
+ if res.body.include? datastore['DATA']
+ print_status("Upload succeeded on #{wmap_base_url}#{datastore['PATH']} [#{res.code}]")
- rep_id = wmap_base_report_id(
+ rep_id = wmap_base_report_id(
 wmap_target_host,
 wmap_target_port,
 wmap_target_ssl
 )
- wmap_report(rep_id,'VULNERABILITY','PUT_ENABLED',"#{datastore['PATH']}","Upload succeeded on #{datastore['PATH']}")
+ wmap_report(rep_id,'VULNERABILITY','PUT_ENABLED',"#{datastore['PATH']}","Upload succeeded on #{datastore['PATH']}")
+
+ end
+ else
+ print_status("Received a #{tcode} code but upload failed on #{wmap_base_url} [#{res.code} #{res.message}]")
+ end
+
+ rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+ rescue ::Timeout::Error, ::Errno::EPIPE
+ end
 else
 print_status("Upload failed on #{wmap_base_url} [#{res.code} #{res.message}]")
 end
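Review bot: The verification GET can finish without reporting anything: the inner `if res.body.include? datastore['DATA']` has no `else`, and both added `rescue` clauses are empty, so a target that answered the PUT with 2xx but did not store the file looks the same in the output as one that was never checked. An `else` such as `print_status("PUT returned 2xx but #{datastore['PATH']} does not contain the test data")` and a `print_error` in each rescue would make that outcome visible to the operator. The GET also overwrites `res`, so the PUT status is lost and the `[#{res.code}]` in the success message now shows the GET code; keeping the second response in its own variable (`check = send_request_cgi(...)`) would preserve both. `String#include?` is true for an empty argument, so if DATA can be empty (its definition is outside this hunk) any 2xx page would be recorded as PUT_ENABLED; a guard like `return if datastore['DATA'].to_s.empty?` before the check would avoid that false positive. The enclosing method starts and ends outside the hunk.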