Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes rhost_http_url crashes when running the check method #14381

Merged
merged 2 commits into from Nov 13, 2020
Merged

Fixes rhost_http_url crashes when running the check method #14381

merged 2 commits into from Nov 13, 2020

Conversation

cgranleese-r7
Copy link
Contributor

@cgranleese-r7 cgranleese-r7 commented Nov 11, 2020
edited

This PR Resolves #14308.

The crash was previously caused when the user enabled features set RHOST_HTTP_URL true, then when the check method is ran, it would crash and return this error message.

[-] Check failed: NoMethodError undefined method `split' for #<Hash:0x00005592b18970d0>

Example of crash:
fix_rhost_crash_check_command_issue

This was caused due to a hash being passed in as value in single_rhost?(value). The fix now checks if value is a hash in get_uri and sets it appropriately before it gets passed to single_rhost?(value).

Options used to recreated issue:

image

Verification

Set-up for testing:
I edited my /etc/hosts to contain

127.0.0.1       wordpress.jeff.thm

image

Test steps:

  • Start msfconsole
  • run features set RHOST_HTTP_URL true
  • run use exploit/unix/webapp/wp_admin_shell_upload
  • Set options - see above for options used
  • Verify the check method does not cause a crash

@cgranleese-r7 cgranleese-r7 marked this pull request as ready for review November 12, 2020 17:22
@adfoster-r7 adfoster-r7 merged commit 6aa2efc into rapid7:master Nov 13, 2020
@adfoster-r7
Copy link
Contributor

adfoster-r7 commented Nov 13, 2020
edited by pbarry-r7

Release Notes

Fixed a crash when RHOST_HTTP_URL was used in conjunction with the check command. The RHOST_HTTP_URL option can be enabled with the command features set RHOST_HTTP_URL true.

@cgranleese-r7 cgranleese-r7 deleted the rhost-check-method-crash-fix branch November 13, 2020 10:01
@pbarry-r7 pbarry-r7 added rn-fix release notes fix bug labels Nov 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adfoster-r7 adfoster-r7 adfoster-r7 left review comments

Assignees

@adfoster-r7 adfoster-r7

Labels
bug rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

wp_admin_shell_upload - using rhost_http_url crashes when running the check method
3 participants
@cgranleese-r7 @adfoster-r7 @pbarry-r7