adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Augment check with Apache Server header

Browse Source
This commit is contained in:
William Vu
2018-10-23 07:04:14 -05:00
parent 0249f1a4af
commit bdf2d44415
1 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/unix/webapp/jquery_file_upload.rb
+20 -3
View File
@@ -76,6 +76,8 @@ class MetasploitModule < Msf::Exploit::Remote
end
def check
a = nil
version_paths.each do |u|
vprint_status("Checking #{u}")
@@ -84,14 +86,29 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => u
)
next unless res && res.code == 200 && (j = res.get_json_document) &&
next unless res
unless a
res.headers['Server'] =~ /Apache\/([\d.]+)/ &&
$1 && (a = Gem::Version.new($1))
# We have to make some assumptions about configuration here
if a && a >= Gem::Version.new('2.3.9')
vprint_good("Found Apache #{a} (AllowOverride None)")
elsif a
vprint_error("Found Apache #{a} (AllowOverride All)")
return CheckCode::Safe
end
end
next unless res.code == 200 && (j = res.get_json_document) &&
j['version'] && (v = Gem::Version.new(j['version']))
if v <= Gem::Version.new('9.22.0')
vprint_good("Found unpatched version #{v}")
vprint_good("Found unpatched jQuery File Upload #{v}")
return CheckCode::Appears
else
vprint_error("Found patched version #{v}")
vprint_error("Found patched jQuery File Upload #{v}")
return CheckCode::Safe
end
end