Make it better

jvazquez-r7 · jvazquez-r7 · commit 0a3735fab46a · 2014-09-26T16:01:10.000-05:00
diff --git a/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb b/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb
@@ -58,10 +58,10 @@ def check_host(ip)
         :refs => self.references
       )
       Exploit::CheckCode::Vulnerable
-    elsif res
+    elsif res && res.code == 500
       injected_res_code = res.code
     else
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Safe
     end
 
     res = send_request_cgi({
@@ -70,7 +70,7 @@ def check_host(ip)
     })
 
     if res && injected_res_code == res.code
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Unknown
     elsif res && injected_res_code != res.code
       return Exploit::CheckCode::Appears
     end
diff --git a/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb b/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb
@@ -70,10 +70,10 @@ def check
 
     if res && res.body.include?(marker * 3)
       return Exploit::CheckCode::Vulnerable
-    elsif res
+    elsif res && res.code == 500
       injected_res_code = res.code
     else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Safe
     end
 
     res = send_request_cgi({
@@ -82,7 +82,7 @@ def check
     })
 
     if res && injected_res_code == res.code
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Unknown
     elsif res && injected_res_code != res.code
       return Exploit::CheckCode::Appears
     end
