Land #20421, adds more reliable check in get_nonce function for auxiliary/scanner/http/wp_ultimate_member_sorting_sqli

msutovsky-r7 · web-flow · commit cb381ad54215 · 2025-07-29T12:24:05.000+02:00
Fix `get_nonce` in `auxiliary/scanner/http/wp_ultimate_member_sorting_sqli`
diff --git a/modules/auxiliary/scanner/http/wp_ultimate_member_sorting_sqli.rb b/modules/auxiliary/scanner/http/wp_ultimate_member_sorting_sqli.rb
@@ -62,7 +62,7 @@ def get_nonce
         'uri' => normalize_uri(target_uri.path, uri)
       })
 
-      next unless res&.code == 200
+      next unless res&.code && res.code <= 500
 
       page = res.get_html_document
 
@@ -110,7 +110,7 @@ def get_directory_id(nonce)
     fail_with(Failure::NotFound, "Could not find a valid directory id within the range #{min_range} to #{max_range}")
   end
 
-  def run_host(_ip)
+  def run
     # next line included for automatic inclusion into vulnerable plugins list
     # check_plugin_version_from_readme('ultimate-member', '2.8.3')
     print_status("Performing SQL injection for CVE-2024-1071 via the 'sorting' parameter...")
