diff --git a/modules/exploits/multi/http/struts_dev_mode.rb b/modules/exploits/multi/http/struts_dev_mode.rb index ac94989169..6bd7c2854f 100644 --- a/modules/exploits/multi/http/struts_dev_mode.rb +++ b/modules/exploits/multi/http/struts_dev_mode.rb @@ -55,6 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote end def check + vprint_status("Testing to see if the target can evaluate our Java code...") addend_one = rand_text_numeric(rand(3) + 1).to_i addend_two = rand_text_numeric(rand(3) + 1).to_i sum = addend_one + addend_two @@ -66,7 +67,8 @@ class Metasploit3 < Msf::Exploit::Remote end if res and res.code == 200 and res.body.to_s =~ /#{sum}/ - vprint_status("#{peer} - Looks like the injection is being evaluated, but there is more data than expected in the response") + vprint_status("Code got evaluated. Target seems vulnerable, but the response contains something else:") + vprint_line(res.body.to_s) return Exploit::CheckCode::Appears end