Add a mixin to get SPIP version and make use of it #19401
I've just merged in #19394, would you like to update this PR to include this mixin in the new module too? Or I can do it, totally up to you.
Feel free to do it, it'll be faster than another review round-trip :)
I just left one question about the version fingerprinting. This code all looks great, so thanks for making it into a reusable library @jvoisin.
version_string = res.get_html_document.at('head/meta[@name="generator"]/@content')&.text | ||
return Exploit::CheckCode::Unknown('Unable to find the version string on the page: spip.php') unless version_string =~ /SPIP (.*)/ | ||
rversion = spip_version |
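Review bot: At `rversion = spip_version`, the visible lines show no check on what the mixin returns, while the inline code next to it bailed out with `Exploit::CheckCode::Unknown` when the generator tag did not match `/SPIP (.*)/`. Keep that behaviour at the call site, for example `return Exploit::CheckCode::Unknown(...) unless rversion`, or document what `spip_version` returns when no version is found so each caller handles it.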
msf6 exploit(unix/webapp/spip_rce_form) > check http://127.0.0.1:8000
[-] Exploit failed: ArgumentError Malformed version number string SPIP 4.2.12
[-] 127.0.0.1:8000 - Check failed: The state could not be determined.
Seems like this is pulling out SPIP 4.2.12 for me in this module and Rex::Version does not like that.
I replicated on the other module too, not sure if this is a version specific thing or not
You're absolutely right, I didn't test the PR well enough. I just pushed some changes that should fix this.
msf6 exploit(unix/webapp/spip_rce_form) > check http://127.0.0.1:8000
[-] Exploit failed: ArgumentError Malformed version number string 4.2.12 @ www.spip.net +
[-] 127.0.0.1:8000 - Check failed: The state could not be determined.
getting a slightly different error now
I'm confused as to why the regex (/SPIP (.*) /) doesn't match. I don't have a testing environment handy (holidays, yay!), but something like /SPIP ([0-9.]+) / might fix the issue?
I think we want /SPIP (.*)/, seems like there was a rogue space messing things up
[7] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> version_string
=> "SPIP 4.2.12"
[8] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> version_string =~ /SPIP (.*) /
=> nil
[9] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> version_string =~ /SPIP (.*)/
=> 0
[10] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> ::Regexp.last_match(1)
=> "4.2.12"
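The behaviour discussed in this thread, as an added example that is not part of the PR or of Metasploit: the two patterns quoted above and a digits-and-dots variant are run over two generator strings and handed to a strict version parser. Assumptions: Ruby's `Gem::Version` stands in for Rex::Version, the sample strings are constructed, and `extract_version` and `results` are hypothetical names.

```ruby
require 'rubygems' # Gem::Version stands in for Rex::Version (assumption)

# Constructed generator values. The second is only shaped like the error
# message quoted in the thread; the real tag content is not shown there.
SAMPLES = [
  'SPIP 4.2.12',
  'SPIP 4.2.12 @ www.spip.net + extra'
].freeze

# The two patterns from the thread plus a digits-and-dots variant.
PATTERNS = {
  trailing_space: /SPIP (.*) /,
  greedy: /SPIP (.*)/,
  numeric: /SPIP (\d+(?:\.\d+)*)/
}.freeze

# Returns a Gem::Version, or nil when the pattern does not match or the
# captured text is not a well-formed version number.
def extract_version(generator, pattern)
  match = pattern.match(generator.to_s)
  return nil unless match

  Gem::Version.new(match[1])
rescue ArgumentError
  nil
end

# Maps each pattern name to the parsed result for every sample.
def results
  PATTERNS.transform_values do |pattern|
    SAMPLES.map { |s| extract_version(s, pattern)&.to_s }
  end
end

if __FILE__ == $PROGRAM_NAME
  results.each { |name, versions| puts "#{name}: #{versions.inspect}" }
end
```

Only the numeric pattern yields a usable version for both inputs; returning nil instead of raising lets a check method report an unknown state rather than fail with an exception.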
Nice catch! Care to fix it so this can land, or do you prefer to wait until I get back home?
I can do it no problem
I'll owe you a beverage of your choice shall we ever meet in the meatspace then, thanks <3
Release Notes
Adds a mixin to get SPIP version and make use of it
This was sparked by #19394