Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec
commit
c75a0185ec
|
@ -57,10 +57,25 @@ class Metasploit4 < Msf::Auxiliary
|
|||
:name => self.name,
|
||||
:refs => self.references
|
||||
)
|
||||
Exploit::CheckCode::Vulnerable
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
elsif res && res.code == 500
|
||||
injected_res_code = res.code
|
||||
else
|
||||
Exploit::CheckCode::Safe
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
res = send_request_cgi({
|
||||
'method' => datastore['METHOD'],
|
||||
'uri' => normalize_uri(target_uri.path.to_s)
|
||||
})
|
||||
|
||||
if res && injected_res_code == res.code
|
||||
return Exploit::CheckCode::Unknown
|
||||
elsif res && injected_res_code != res.code
|
||||
return Exploit::CheckCode::Appears
|
||||
end
|
||||
|
||||
Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
def run_host(ip)
|
||||
|
|
|
@ -69,10 +69,25 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
res = req("echo #{marker}")
|
||||
|
||||
if res && res.body.include?(marker * 3)
|
||||
Exploit::CheckCode::Vulnerable
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
elsif res && res.code == 500
|
||||
injected_res_code = res.code
|
||||
else
|
||||
Exploit::CheckCode::Safe
|
||||
return Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
res = send_request_cgi({
|
||||
'method' => datastore['METHOD'],
|
||||
'uri' => normalize_uri(target_uri.path.to_s)
|
||||
})
|
||||
|
||||
if res && injected_res_code == res.code
|
||||
return Exploit::CheckCode::Unknown
|
||||
elsif res && injected_res_code != res.code
|
||||
return Exploit::CheckCode::Appears
|
||||
end
|
||||
|
||||
Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
def exploit
|
||||
|
|
Loading…
Reference in New Issue