use Gem::Version for version compare

2015-12-16 13:04:15 +01:00 · 2015-12-16 13:04:15 +01:00 · 675dff3b6f
parent 01b943ec93
commit 675dff3b6f
1 changed files with 5 additions and 4 deletions
--- a/modules/exploits/multi/http/joomla_http_header_rce.rb
+++ b/modules/exploits/multi/http/joomla_http_header_rce.rb
@ -68,11 +68,12 @@ class Metasploit3 < Msf::Exploit::Remote
    php_version = res.headers['X-Powered-By'].scan(/PHP\/([\d\.]+)/i).flatten.first || ''
    vprint_status("Found PHP version: #{php_version}")

+    version = Gem::Version.new(php_version)
+
    vulnerable = false
-    vulnerable = true if php_version < '5.4'
-    vulnerable = true if php_version.start_with?('5.4') && php_version < '5.4.45'
-    vulnerable = true if php_version.start_with?('5.5') && php_version < '5.5.29'
-    vulnerable = true if php_version.start_with?('5.6') && php_version < '5.6.13'
+    vulnerable = true if version <= Gem::Version.new('5.4.44')
+    vulnerable = true if version.between?(Gem::Version.new('5.5.0'), Gem::Version.new('5.5.28'))
+    vulnerable = true if version.between?(Gem::Version.new('5.6.0'), Gem::Version.new('5.6.12'))

    unless vulnerable
      vprint_error('This module currently does not work against this PHP version')