diff --git a/modules/exploits/linux/http/h2_webinterface_rce.rb b/modules/exploits/linux/http/h2_webinterface_rce.rb
index 39e4d0a783df..5b8508b5b520 100644
--- a/modules/exploits/linux/http/h2_webinterface_rce.rb
+++ b/modules/exploits/linux/http/h2_webinterface_rce.rb
@@ -59,7 +59,8 @@ def initialize(info = {})
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
- 'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
+ 'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],
+ 'NOCVE' => ['abusing a feature']
}
)
)
@@ -67,8 +68,8 @@ def initialize(info = {})
[
Opt::RPORT(80),
OptString.new('USERNAME', [ true, 'User to login with', '']),
- OptString.new('PASSWORD', [ false, 'Password to login with', '']),
- OptString.new('DATABASE', [ false, 'Database to use', 'jdbc:h2:mem:']),
+ OptString.new('PASSWORD', [ true, 'Password to login with', '']),
+ OptString.new('DATABASE', [ true, 'Database to use', 'jdbc:h2:mem:']),
OptString.new('TARGETURI', [ true, 'The URI of the H2 web interface', '/']),
OptBool.new('GETVERSION', [ true, 'Get the version of the database before exploiting', true])
]
@@ -94,11 +95,6 @@ def get_jsessionid
def check
jsessionid = get_jsessionid
- send_request_cgi(
- 'uri' => normalize_uri(target_uri.path, 'login.jsp'),
- 'method' => 'GET'
- )
- return CheckCode::Unknown("#{peer} - Could not connect to web service or unable to determine JsessionID") if jsessionid.nil?
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'login.jsp'),
@@ -157,7 +153,7 @@ def send_command(jsessionid, command)
def get_version(jsessionid)
version = send_command(jsessionid, 'SELECT H2VERSION() FROM DUAL;')
# regex likely to break on version upgrades unfortunately
- if version.nil? == false && version =~ %r{
}
+ if version =~ %r{}
print_good("H2 Version detected: #{Regexp.last_match(1)}")
return
end