Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)

MSP-13234

Author: farias-r7

lib/msf/base/simple/exploit.rb

@@ -165,7 +165,7 @@ def setup_fail_detail_from_exception e
     self.error = e
 
     # Record the detailed reason
-    self.exploit.fail_detail ||= e.to_s
+    self.fail_detail ||= e.to_s
     msg
   end
 
@@ -175,9 +175,6 @@ def setup_fail_detail_from_exception e
   def handle_exception e
     msg = setup_fail_detail_from_exception e
 
-    require 'pry'
-    binding.pry
-
     case e
       when Msf::Exploit::Complete
         # Nothing to show in this case
@@ -235,8 +232,6 @@ def handle_exception e
         dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
     end
 
-
-
     # Record the error to various places
     self.framework.events.on_module_error(self, msg)
 

lib/msf/core/db_manager/exploit_attempt.rb

@@ -119,6 +119,7 @@ def do_report_failure_or_success(opts)
       username   = opts[:username]
       mname      = opts[:module]
 
+
       if vuln.nil?
         ref_names = mrefs.map { |ref|
           if ref.respond_to?(:ctx_id) and ref.respond_to?(:ctx_val)

lib/msf/core/db_manager/vuln.rb

@@ -46,7 +46,8 @@ def find_vuln_by_details(details_map, host, service=nil)
 
   def find_vuln_by_refs(refs, host, service=nil)
     ref_ids = refs.find_all { |ref| ref.name.starts_with? 'CVE-'}
-    host.vulns.includes(:refs).where(service_id: service.try(:id), refs: { id: ref_ids}).first
+    relation = host.vulns.includes(:refs)
+    relation.where(service_id: service.try(:id), refs: { id: ref_ids}).first || relation.where(refs: { id: ref_ids}).first
   end
 
   def get_vuln(wspace, host, service, name, data='')

lib/msf/core/exploit.rb

@@ -1260,7 +1260,6 @@ def fail_with(reason,msg=nil)
   end
 
   def report_failure
-
     return unless framework.db and framework.db.active
 
     info = {
@@ -1293,6 +1292,7 @@ def report_failure
       )
     end
 
+
     framework.db.report_exploit_failure(info)
   end