Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix NoMethodError in jira_plugin_upload exploit module #11784

Merged
merged 1 commit into from Apr 29, 2019

Conversation

Projects
None yet
4 participants
@space-r7
Copy link
Contributor

commented Apr 26, 2019

This adds checks to the functionality that searches responses for a particular value in the jira_plugin_upload exploit module. Referencing issue #11609

Verification

  • Install Atlassian SDK/Jira environment.
  • Browse to localhost:2990/jira/ to confirm successful deployment.
  • Start msfconsole: msfconsole -q
  • Do: use exploit/multi/http/jira_plugin_upload
  • Do: set rhost [IP]
  • Check credentials and UPM access: check
  • Do: exploit
  • You should get a shell.

@bcoles bcoles added bug module labels Apr 26, 2019

@wchen-r7 wchen-r7 self-assigned this Apr 29, 2019

@wchen-r7

This comment has been minimized.

Copy link
Contributor

commented Apr 29, 2019

So I didn't actually install Jira to test this, but trying Nokogiri tells me it could return nil:

require 'nokogiri'

html = %Q|
<html>
<head>
<title>Hello World</title>
</head>
<body>
<div id="section">Hello World</span>
</body>
</html>
|

nodes = Nokogiri::HTML(html)
puts nodes.at('invalid').inspect

So my conclusion is the nil checks should work fine so it should be safe to land.

@wchen-r7 wchen-r7 merged commit 3de617f into rapid7:master Apr 29, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

wchen-r7 added a commit that referenced this pull request Apr 29, 2019

@wchen-r7

This comment has been minimized.

Copy link
Contributor

commented Apr 29, 2019

Release Notes

This adds additional nil checks for Nokogiri to avoid NoMethodError.

msjenkins-r7 added a commit that referenced this pull request Apr 29, 2019

@gdavidson-r7 gdavidson-r7 added the rn-fix label May 14, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.