From b5b24a1fbf11d2545ea52b7bf883ef584ba68f73 Mon Sep 17 00:00:00 2001
From: sinn3r <msfsinn3r@gmail.com>
Date: Thu, 22 Dec 2011 13:16:54 -0600
Subject: [PATCH] Add a check. I decided not to try to login in the check
 function in order to remain non-malicious. However, this decision doesn't
 represent how modules should write their own check.

---
 modules/exploits/multi/http/splunk_mappy_exec.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/modules/exploits/multi/http/splunk_mappy_exec.rb b/modules/exploits/multi/http/splunk_mappy_exec.rb
index 56d417c8bb..19a96679ff 100644
--- a/modules/exploits/multi/http/splunk_mappy_exec.rb
+++ b/modules/exploits/multi/http/splunk_mappy_exec.rb
@@ -102,6 +102,19 @@ class Metasploit3 < Msf::Exploit::Remote
 		handler
 	end
 
+	def check
+		res = send_request_cgi(
+		{
+			'uri'     => '/en-US/account/login',
+			'method'  => 'GET'
+		}, 25)
+
+		if res.body =~ /Splunk Inc\. Splunk 4\.[0-2]\.[0-4] build [\d+]/
+			return Exploit::CheckCode::Appears
+		else
+			return Exploit::CheckCode::Safe
+		end
+	end
 
 	def do_login
 		res = send_request_cgi(