Don't allow 127.0.0.1 as SRVHOST

2014-10-31 08:19:15 -05:00 · 2014-10-31 08:19:15 -05:00 · 40bf44bd05
parent 7d2fa9ee94
commit 40bf44bd05
1 changed files with 2 additions and 2 deletions
--- a/modules/exploits/freebsd/misc/citrix_netscaler_soap_bof.rb
+++ b/modules/exploits/freebsd/misc/citrix_netscaler_soap_bof.rb
@ -88,8 +88,8 @@ class Metasploit3 < Msf::Exploit::Remote
  end

  def exploit
-    if datastore['SRVHOST'] == '0.0.0.0'
-      fail_with(Failure::BadConfig, 'Don\'t use 0.0.0.0 as SRVHOST, use an address on the local machine reachable by the target')
+    if ['0.0.0.0', '127.0.0.1'].include?(datastore['SRVHOST'])
+      fail_with(Failure::BadConfig, 'Bad SRVHOST, use an address on the local machine reachable by the target')
    end

    if check != Exploit::CheckCode::Detected