Fix atutor_filemanager_traversal.rb credentials checks and clean up code #13725
About
This change fixes a bug in the atutor_filemanager_traversal.rb module at /modules/exploits/linux/http/ and cleans up the code. Currently, the module will not run if no credentials are provided, even though these are not required. The reason is the erroneous use of `empty?` in the exploit method (line 302): `if (not datastore['USERNAME'].empty? and not datastore['PASSWORD'].empty?)`. This bug is also present in the check method (line 82), causing check to fail in the same scenario as well. This change also incorporates automatic code improvements made by running RuboCop against the module, and cleans up the `exec_code` method.

Scenarios