Commit 24527d7

David Maloney authored and committed
Land rapid7#4427, Misfortune Cookie Scanner
lands Jhart's scanner module for the RomPager Misfortune Cookie vuln.
2 parents 723998e + 8d2bd74 commit 24527d7

1 file changed, 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
##
2+
# This module requires Metasploit: http://metasploit.com/download
3+
# Current source: https://github.com/rapid7/metasploit-framework
4+
##
5+
6+
require 'msf/core'
7+
8+
class Metasploit4 < Msf::Auxiliary
9+
include Msf::Exploit::Remote::HttpClient
10+
include Msf::Auxiliary::Scanner
11+
include Msf::Auxiliary::Report
12+
13+
def initialize(info = {})
14+
super(update_info(
15+
info,
16+
'Name' => "Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner",
17+
'Description' => %q(
18+
This module scans for HTTP servers that appear to be vulnerable to the
19+
'Misfortune Cookie' vulnerability which affects Allegro Software
20+
Rompager versions before 4.34 and can allow attackers to authenticate
21+
to the HTTP service as an administrator without providing valid
22+
credentials, however more specifics are not yet known.
23+
),
24+
'Author' => [
25+
'Jon Hart <jon_hart[at]rapid7.com>', # metasploit module
26+
'Lior Oppenheim' # CVE-2014-9222
27+
],
28+
'References' => [
29+
['CVE', '2014-9222'],
30+
['URL', 'http://mis.fortunecook.ie']
31+
],
32+
'DisclosureDate' => 'Dec 17 2014',
33+
'License' => MSF_LICENSE
34+
))
35+
36+
register_options([
37+
OptString.new('TARGETURI', [true, 'Path to fingerprint RomPager from', '/Allegro'])
38+
], self.class)
39+
end
40+
41+
def check_host(ip)
42+
res = send_request_cgi('uri' => normalize_uri(target_uri.path.to_s), 'method' => 'GET')
43+
fp = http_fingerprint(response: res)
44+
if /RomPager\/(?<version>[\d\.]+)$/ =~ fp
45+
if Gem::Version.new(version) < Gem::Version.new('4.34')
46+
report_vuln(
47+
host: ip,
48+
port: rport,
49+
name: name,
50+
refs: references
51+
)
52+
return Exploit::CheckCode::Appears
53+
else
54+
return Exploit::CheckCode::Detected
55+
end
56+
else
57+
return Exploit::CheckCode::Safe
58+
end
59+
end
60+
61+
def run_host(ip)
62+
print_good("#{peer} appears to be vulnerable") if check_host(ip) == Exploit::CheckCode::Appears
63+
end
64+
end
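
Review bot: In check_host, the final else returns Exploit::CheckCode::Safe whenever the fingerprint fails to match `RomPager\/(?<version>[\d\.]+)$`, and res is passed to http_fingerprint without a nil check, so a host that did not answer, or one that hides or rewrites its banner, is reported as safe. A missing banner says nothing about the RomPager version underneath; returning Exploit::CheckCode::Unknown when res is nil or the pattern does not match would be more accurate. The character class `[\d\.]+` also accepts strings with a trailing or doubled dot, which Gem::Version.new rejects with ArgumentError; tightening the pattern to `\d+(?:\.\d+)*` or rescuing that error would stop an odd banner from raising inside check_host. Since Appears rests only on the advertised version being below 4.34, the Description could say so explicitly, so that hits are treated as candidates to confirm against the device firmware rather than as verified findings.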