-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix bug where vhost wasn't being set correctly when using rhost http url #14609
Fix bug where vhost wasn't being set correctly when using rhost http url #14609
Conversation
@@ -51,7 +51,7 @@ def calculate_value(datastore) | |||
return unless datastore['RHOSTS'] | |||
begin | |||
uri_type = datastore['SSL'] ? URI::HTTPS : URI::HTTP | |||
uri = uri_type.build(host: datastore['RHOSTS']) | |||
uri = uri_type.build(host: datastore['VHOST'] || datastore['RHOSTS']) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we have a VHOST
set we should be attempting to rebuild the full url from that rather than just using the IP
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd be great to update the existing tests to cover this scenario 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm I'll look into that, could be tricky though, the tests already should be testing that, the problem here is something else is modifying it 😬
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@adfoster-r7 sorted, I was wrong very easy after you helped me out 🙃
Before the patch:
After the patch:
|
Release NotesFixed an issue in the |
Looks like this breaks modules by dropping the vhost in some scenarios: |
Let me know how I can assist in helping to fix this, sorry for the inconvenience! |
@adfoster-r7 noticed a bug where the
VHOST
datastore option was not being set correctly when using theRHOST_HTTP_URL
option, this PR is to fix that particular issueVerification steps
Start up msfconsole
set HTTPTRACE true
features set RHOST_HTTP_URL true
use exploit/multi/http/gitlab_file_read_rce
set RHOST_HTTP_URL <http://example.com>
- Targeting hackthebox laboratory box 10.10.10.216
- Add
git.laboratory.htb
to your /etc/hosts:set username foo
set password foo
run
the moduleWith this fix you should see the
Host
header properly filled in with the domain name (on master this is not populated correctly)