Perform a version check to determine exploitability for graphite pickle

bug/bundler_fix
funkypickle 2016-10-05 16:07:32 -07:00
parent 548efc3e98
commit fb0a438fdf
1 changed files with 11 additions and 4 deletions


@ -20,7 +20,8 @@ class MetasploitModule < Msf::Exploit::Remote
},
'Author' =>
[
'Charlie Eriksen' # Initial discovery and exploit
'Charlie Eriksen', # Initial discovery and exploit
'funkypickle' # Version check to prove vulnerable
],
'License' => MSF_LICENSE,
'References' =>
@ -53,13 +54,19 @@ class MetasploitModule < Msf::Exploit::Remote
end
def check
response = send_request_cgi({
res1 = send_request_cgi({
# trailing slash required
'uri' => normalize_uri(target_uri.path, 'version/'),
'method' => 'GET'
})
res2 = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'render', 'local'),
'method' => 'POST'
})
if response and response.code == 500
return Exploit::CheckCode::Detected
if (res1 and %w(0.9.5 0.9.10).include?(res1.body.strip)) and (res2 and res2.code == 500)
return Exploit::CheckCode::Vulnerable
end
return Exploit::CheckCode::Safe
end
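Review bot: The combined condition on the `if (res1 and %w(0.9.5 0.9.10)…` line folds "no response" into `Safe`: if either the `version/` or the `render/local` request comes back nil, `check` now reports the host as not vulnerable instead of undetermined, which is a false negative a scan will trust. Return `Exploit::CheckCode::Unknown` when a response is missing and reserve `Safe` for the case where both responses arrived but do not match. The exact match against `%w(0.9.5 0.9.10)` also drops the previous `Detected` result entirely, so a target whose `render/local` still answers 500 but whose version string is anything else (other releases, trailing output) is reported Safe; keeping `Detected` as the fallback for that case preserves the old signal. Use `&&` rather than `and` in the boolean expression, and split the one-line condition into guard clauses as below; `def check` appears to close at the `end` on the last line of the hunk, but if the rendered page dropped blank lines it may continue.
```ruby
def check
  # … unchanged: res1 (version/) and res2 (render/local) requests …
  return Exploit::CheckCode::Unknown unless res1 && res2

  version = res1.body.strip
  if %w(0.9.5 0.9.10).include?(version) && res2.code == 500
    return Exploit::CheckCode::Vulnerable
  end

  # render/local still errors but the version string is not one we recognise
  return Exploit::CheckCode::Detected if res2.code == 500

  Exploit::CheckCode::Safe
end
```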