update check method to detected other vulnerable services

h00die-gr3y · h00die-gr3y · commit 2baabfa17b56 · 2025-05-03T14:08:49.000Z
diff --git a/modules/exploits/windows/http/gladinet_viewstate_deserialization_cve_2025_30406.rb b/modules/exploits/windows/http/gladinet_viewstate_deserialization_cve_2025_30406.rb
@@ -27,8 +27,10 @@ def initialize(info = {})
           the machineKey, they can forge ViewState payloads that pass integrity checks.
           This can result in ViewState deserialization attacks, potentially leading to
           remote code execution (RCE) on the web server.
+
           Gladinet CentreStack versions up to 16.4.10315.56368 are vulnerable (fixed in 16.4.10315.56368).
           Gladinet Triofox versions up to 16.4.10317.56372 are vulnerable (fixed in 16.4.10317.56372).
+          NOTE: There are other rebranded services that might be vulnerable and can be detected by this module.
         },
         'Author' => [
           'Huntress Team', # discovery and detailed vulnerability write up
@@ -126,7 +128,7 @@ def check
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, 'portal', 'loginpage.aspx')
     })
-    return CheckCode::Safe('Failed to identify that Gladinet CentreStack or Triofox is running.') unless res&.code == 200 && res.body.include?('GLADINET')
+    return CheckCode::Safe('Failed to identify that Gladinet CentreStack/Triofox or similar service is running.') unless res&.code == 200 && res.body.include?('id="__VIEWSTATEGENERATOR" value="3FE2630A"')
 
     if res.body.include?('CentreStack')
       check_app = 'CentreStack'
@@ -136,18 +138,21 @@ def check
       check_app = 'Unknown'
     end
 
-    build = res.body.match(/\(Build.*\)/)
-    unless build.nil? || check_app == 'Unknown'
-      version = Rex::Version.new(build[0].split(' ')[1].chomp(')'))
+    build = res.body.match(/\(Build\s*.*\)/)
+    unless build.nil?
+      version = build[0].gsub(/[[:space:]]/, '').split('Build')[1].chomp(')')
+      rex_version = Rex::Version.new(version)
       if check_app == 'CentreStack'
-        return CheckCode::Appears("#{check_app} #{build}") if version < Rex::Version.new('16.4.10315.56368')
+        return CheckCode::Appears("Service #{check_app} (Build #{version})") if rex_version < Rex::Version.new('16.4.10315.56368')
       elsif check_app == 'Triofox'
-        return CheckCode::Appears("#{check_app} #{build}") if version < Rex::Version.new('16.4.10317.56372')
+        return CheckCode::Appears("Service #{check_app} (Build #{version})") if rex_version < Rex::Version.new('16.4.10317.56372')
+      elsif check_app == 'Unknown'
+        return CheckCode::Detected("Service #{check_app} (Build #{version})") if rex_version < Rex::Version.new('16.4.10317.56372')
       end
-      return CheckCode::Safe("#{check_app} #{build}")
+      return CheckCode::Safe("Service #{check_app} (Build #{version})")
     end
 
-    CheckCode::Unknown('No CentreStack or Triofox application and/or build version detected.')
+    CheckCode::Detected("Service #{check_app} (Build not detected)")
   end
 
   def exploit
