Update gitea git hooks rce check method

rapid7 · Oct 1, 2021 · a7aa255 · a7aa255
1 parent 6c4d948
commit a7aa255
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/modules/exploits/multi/http/gitea_git_hooks_rce.rb b/modules/exploits/multi/http/gitea_git_hooks_rce.rb
@@ -105,7 +105,8 @@ def initialize(info = {})
         'DefaultTarget' => 1,
         'Notes' => {
           'Stability' => [CRASH_SAFE],
-          'Reliability' => [REPEATABLE_SESSION]
+          'Reliability' => [REPEATABLE_SESSION],
+          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
         }
       )
     )
@@ -131,8 +132,12 @@ def check
     end
 
     # Powered by Gitea Version: 1.12.5
-    unless (match = res.body.match(/Powered by Gitea Version: (?<version>[\d.]+)/))
-      return CheckCode::Unsupported('Target does not appear to be running Gitea.')
+    unless (match = res.body.match(/Gitea Version: (?<version>[\da-zA-Z.]+)/))
+      return CheckCode::Unknown('Target does not appear to be running Gitea.')
+    end
+
+    if match[:version].match(/[a-zA-Z]/)
+      return CheckCode::Unknown("Unknown Gitea version #{match[:version]}.")
     end
 
     if Rex::Version.new(match[:version]) >= Rex::Version.new('1.13.0')