infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make fewer assumptions about Apache 

Returning CheckCode::Safe is too aggressive for a supplemental check.
Admins can change the directive in top-level configuration, anyway.
GSoC/Meterpreter_Web_Console
William Vu 2018-10-23 16:24:26 -05:00
parent 326597e842
commit 67f2933b58
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/exploits/unix/webapp/jquery_file_upload.rb
View File

@ -92,12 +92,10 @@ class MetasploitModule < Msf::Exploit::Remote
res.headers['Server'] =~ /Apache\/([\d.]+)/ &&
$1 && (a = Gem::Version.new($1))
# We have to make some assumptions about configuration here
if a && a >= Gem::Version.new('2.3.9')
vprint_good("Found Apache #{a} (AllowOverride None)")
vprint_good("Found Apache #{a} (AllowOverride None may be set)")
elsif a
vprint_error("Found Apache #{a} (AllowOverride All)")
return CheckCode::Safe
vprint_warning("Found Apache #{a} (AllowOverride All may be set)")
end
end