Fix crash when running http crawler with database connected #18945


adfoster-r7

Fix crash when running http crawler with database connected with Ruby 3.1
Fixes #18943

Verification

Before

Target Metasploitable2 and see explosions:

msf6 auxiliary(scanner/http/crawler) > run rhost=192.168.123.133
[*] Running module against 192.168.123.133

[*] Crawling http://192.168.123.133:80/...
[*] [00001/00500]    200 - 192.168.123.133 - http://192.168.123.133/
[*] [00002/00500]    200 - 192.168.123.133 - http://192.168.123.133/twiki/
[*] [00003/00500]    200 - 192.168.123.133 - http://192.168.123.133/dav/
[*] [00004/00500]    200 - 192.168.123.133 - http://192.168.123.133/test/
[-] [00005/00500]    404 - 192.168.123.133 - http://192.168.123.133/tmp/
[-] [00006/00500]    404 - 192.168.123.133 - http://192.168.123.133/stuff/
[-] [00007/00500]    404 - 192.168.123.133 - http://192.168.123.133/awstats/
[-] [00008/00500]    404 - 192.168.123.133 - http://192.168.123.133/awstats/awstats/
[-] [00009/00500]    404 - 192.168.123.133 - http://192.168.123.133/basilic/
[-] [00010/00500]    404 - 192.168.123.133 - http://192.168.123.133/cacti/
[-] [00011/00500]    404 - 192.168.123.133 - http://192.168.123.133/docs/text/manual.txt
[*] [00012/00500]    200 - 192.168.123.133 - http://192.168.123.133/phpMyAdmin/
[-] Crawler Exception: http://192.168.123.133:80/ Tried to load unspecified class: WEBrick::Cookie ["/Users/adfoster/.rvm/rubies/ruby-3.1.4/lib/ruby/3.1.0/psych/class_loader.rb:99:in  .... etc...

After

Working

msf6 auxiliary(scanner/http/crawler) > run rhost=192.168.123.133
[*] Running module against 192.168.123.133

[*] Crawling http://192.168.123.133:80/...
[*] [00001/00500]    200 - 192.168.123.133 - http://192.168.123.133/
[*] [00002/00500]    200 - 192.168.123.133 - http://192.168.123.133/twiki/
[*] [00003/00500]    200 - 192.168.123.133 - http://192.168.123.133/dav/
[*] [00004/00500]    200 - 192.168.123.133 - http://192.168.123.133/test/
[-] [00005/00500]    404 - 192.168.123.133 - http://192.168.123.133/tmp/
[-] [00006/00500]    404 - 192.168.123.133 - http://192.168.123.133/stuff/
[-] [00007/00500]    404 - 192.168.123.133 - http://192.168.123.133/awstats/
[*] [00008/00500]    200 - 192.168.123.133 - http://192.168.123.133/phpMyAdmin/
[*]                         FORM: POST /phpMyAdmin/index.php
[*]                         FORM: POST /phpMyAdmin/index.php
...etc...
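
The failure in the "Before" output, reproduced in isolation as an added example (not code from this pull request or from Metasploit): Psych's safe loader refuses any class that is not on its allow-list, and permitting one class leaves every other class refused. `Demo::Cookie`, `Demo::Other`, `load_stored` and the sample records are constructed for illustration.

```ruby
require 'yaml'

module Demo
  # Constructed stand-in for a library value object such as WEBrick::Cookie.
  class Cookie
    attr_reader :name, :value

    def initialize(name, value)
      @name = name
      @value = value
    end
  end

  # A second constructed class that is never put on the allow-list.
  class Other
    def initialize
      @note = 'unrelated'
    end
  end
end

# Safe-load stored YAML against an explicit class allow-list.
# Returns [:ok, object] or [:rejected, exception message].
def load_stored(yaml, permitted = [])
  [:ok, Psych.safe_load(yaml, permitted_classes: permitted)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

# Constructed records: a crawled page holding a cookie object, dumped to YAML.
STORED_PAGE = YAML.dump(
  { 'url' => 'http://192.0.2.10/', 'cookies' => [Demo::Cookie.new('session', 'abc123')] }
)
STORED_OTHER = YAML.dump(Demo::Other.new)

if __FILE__ == $PROGRAM_NAME
  p load_stored(STORED_PAGE)                       # no allow-list
  p load_stored(STORED_PAGE, [Demo::Cookie]).first # Cookie allowed
  p load_stored(STORED_OTHER, [Demo::Cookie])      # Other still refused
end
```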


@jmartin-tech left a comment


This seems a reasonable location to set this value consistently for Framework.

Minor optional nit-pick noted.

lib/metasploit/framework/common_engine.rb Outdated
@adfoster-r7 force-pushed the fix-crash-when-running-http-crawler-with-database-connected branch from afa4766 to 9a9c27b March 12, 2024 15:48
@dwelch-r7 merged commit d88185b into rapid7:master Mar 12, 2024
34 checks passed
@dwelch-r7 added the rn-fix release notes fix label Mar 12, 2024
@dwelch-r7

Release Notes

Fixes crash when running http crawler with database connected

Successfully merging this pull request may close these issues.

HTTP Crawler scanner - Psych::DisallowedClass Tried to load unspecified class: WEBrick::Cookie