Land #11636, postgres_createlang version check fix

4.x
William Vu 2019-04-01 15:21:57 -05:00 committed by Metasploit
parent 1cfaac3a9f
commit bad97a70c4
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 12 additions and 14 deletions

View File

@ -57,26 +57,24 @@ class MetasploitModule < Msf::Exploit::Remote
deregister_options('SQL', 'RETURN_ROWSET', 'VERBOSE')
end
def postgres_major_version(version)
version_match = version.match(/(?<software>\w{10})\s(?<major_version>\d{1,2})\.(?<minor_version>\d{1,2})\.(?<revision>\d{1,2})/)
version_match['major_version']
end
def check
if vuln_version?
Exploit::CheckCode::Appears
else
Exploit::CheckCode::Safe
end
vuln_version? ? CheckCode::Appears : CheckCode::Safe
end
def vuln_version?
version = postgres_fingerprint
if version[:auth]
major_version = postgres_major_version(version[:auth])
return true if major_version && major_version.to_i >= 8
return unless version[:auth]
vprint_status version[:auth].to_s
version_full = version[:auth].to_s.scan(/^PostgreSQL ([\d\.]+)/i).flatten.first
if Gem::Version.new(version_full) >= Gem::Version.new('8.0')
return true
else
return false
end
false
end
def login_success?