Update vulnerable version

Takahiro-Yoko · Takahiro-Yoko · commit 7ecc1cb87ba5 · 2024-12-28T14:39:24.000+09:00
diff --git a/documentation/modules/exploit/linux/http/selenium_greed_chrome_rce_cve_2022_28108.md b/documentation/modules/exploit/linux/http/selenium_greed_chrome_rce_cve_2022_28108.md
@@ -5,11 +5,12 @@ such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
 
 The vulnerability affects:
 
-    * Selenium Server (Grid) before 4
+    * Selenium Server (Grid) before 4.0.0-alpha-7
 
 This module was successfully tested on:
 
     * selenium/standalone-chrome:3.141.59 installed with Docker on Ubuntu 20.0.4
+    * selenium/standalone-chrome:4.0.0-alpha-6-20200730 installed with Docker on Ubuntu 20.0.4
 
 
 ### Installation
diff --git a/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb b/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb
@@ -15,7 +15,7 @@ def initialize(info = {})
         info,
         'Name' => 'Selenium chrome RCE',
         'Description' => %q{
-          Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types
+          Selenium Server (Grid) before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types
           such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
         },
         'Author' => [
