File tree Expand file tree Collapse file tree 1 file changed +6
-7
lines changed
modules/exploits/linux/http Expand file tree Collapse file tree 1 file changed +6
-7
lines changed Original file line number Diff line number Diff line change @@ -62,22 +62,21 @@ def initialize(info = {})
6262 end
6363
6464 def check
65- # Request for Selenium Grid version 3
66- v3res = send_request_cgi ( {
67- 'method' => 'GET' ,
68- 'uri' => normalize_uri ( target_uri . path )
69- } )
7065 # Request for Selenium Grid version 4
7166 v4res = send_request_cgi ( {
7267 'method' => 'GET' ,
7368 'uri' => normalize_uri ( target_uri . path , 'status' )
7469 } )
75- return Exploit ::CheckCode ::Detected ( 'Selenium Grid version 4.x detected.' ) if v3res &.code != 200 &&
76- v4res && v4res . get_json_document &&
70+ return Exploit ::CheckCode ::Detected ( 'Selenium Grid version 4.x detected.' ) if v4res && v4res . get_json_document &&
7771 v4res . get_json_document . include? ( 'value' ) &&
7872 v4res . get_json_document [ 'value' ] . include? ( 'message' ) &&
7973 v4res . get_json_document [ 'value' ] [ 'message' ] . downcase . include? ( 'selenium grid' )
8074
75+ # Request for Selenium Grid version 3
76+ v3res = send_request_cgi ( {
77+ 'method' => 'GET' ,
78+ 'uri' => normalize_uri ( target_uri . path )
79+ } )
8180 return Exploit ::CheckCode ::Unknown ( 'Unexpected server reply.' ) unless v3res &.code == 200
8281
8382 js_code = v3res . get_html_document . css ( 'script' ) . find { |script | script . text . match ( /var json = Object.freeze\( '(.*?)'\) ;/ ) }
You can’t perform that action at this time.
0 commit comments