Explain why we flag the vuln as "Appears" instead of vulnerable

bug/bundler_fix
sinn3r 2014-01-31 12:05:58 -06:00
parent 2fca2da9f7
commit 60ead5de43
1 changed files with 3 additions and 1 deletions

@ -55,6 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def check def check
vprint_status("Testing to see if the target can evaluate our Java code...")
addend_one = rand_text_numeric(rand(3) + 1).to_i addend_one = rand_text_numeric(rand(3) + 1).to_i
addend_two = rand_text_numeric(rand(3) + 1).to_i addend_two = rand_text_numeric(rand(3) + 1).to_i
sum = addend_one + addend_two sum = addend_one + addend_two
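Review bot: The vprint_status added at the top of check omits the "#{peer} - " prefix that the message removed later in this same commit carried, so verbose output from a run against several hosts cannot be tied to a target. Suggest vprint_status("#{peer} - Testing to see if the target can evaluate our Java code...").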
@ -66,7 +67,8 @@ class Metasploit3 < Msf::Exploit::Remote
end end
if res and res.code == 200 and res.body.to_s =~ /#{sum}/ if res and res.code == 200 and res.body.to_s =~ /#{sum}/
vprint_status("#{peer} - Looks like the injection is being evaluated, but there is more data than expected in the response") vprint_status("Code got evaluated. Target seems vulnerable, but the response contains something else:")
vprint_line(res.body.to_s)
return Exploit::CheckCode::Appears return Exploit::CheckCode::Appears
end end
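Review bot: The added vprint_line(res.body.to_s) in the Appears branch prints the entire response body with no length bound, and the replacement vprint_status drops the "#{peer} - " prefix the old message had. Suggest keeping the prefix and printing a bounded excerpt of the body instead of all of it. The condition here is res.body.to_s =~ /#{sum}/ with a sum of at most four digits, which matches anywhere in the body, so "Code got evaluated" states more than the branch establishes; wording along the lines of "response contains the expected sum along with other data" would describe what was observed and fit the Appears result better.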