Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve wordpress check versions #12640

Merged

Conversation

@cdelafuente-r7
Copy link
Contributor

cdelafuente-r7 commented Nov 28, 2019

This PR add some improvement to the Wordpress version helper:

  • Add log message to Detected and Unknown check codes
  • Add an exception handler to catch Gem::Version parsing errors
  • Update specs (not sure why, but specs where failing even before these changes)

Verification

List the steps needed to make sure this thing works

  • rspec spec/lib/msf/core/exploit/http/wordpress/version_spec.rb
- Add log message to Detected and Unknown check codes
- Add an exception handler to catch Gem::Version parsing errors
unless res && res.code == 200
return Msf::Exploit::CheckCode::Unknown
return Msf::Exploit::CheckCode::Unknown("File not found")

This comment has been minimized.

Copy link
@dwelch-r7

dwelch-r7 Nov 29, 2019

Contributor

Probably should check the response code is 404 before you can know for sure the issue was "File not Found"

This comment has been minimized.

Copy link
@cdelafuente-r7

cdelafuente-r7 Nov 29, 2019

Author Contributor

Absolutely, I changed the message to be less specific and kept the original the logic here 857677f.

@bcoles bcoles added the library label Nov 30, 2019
@busterb busterb self-assigned this Dec 26, 2019
busterb added a commit that referenced this pull request Dec 26, 2019
Merge remote-tracking branch 'upstream/pr/12640' into upstream-master
@busterb busterb merged commit 857677f into rapid7:master Dec 26, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
msjenkins-r7 added a commit that referenced this pull request Dec 26, 2019
Merge remote-tracking branch 'upstream/pr/12640' into upstream-master
@tperry-r7

This comment has been minimized.

Copy link
Contributor

tperry-r7 commented Jan 14, 2020

Release Notes

This adds a log message to Detected and Unknown check codes, an exception handler to catch Gem::Version parsing errors and updates the spec for the exploit/http/wordpress/version.rb exploit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.