allow custom regex

firefart · firefart · commit 55967172be80 · 2015-05-02T21:06:15.000+02:00
diff --git a/lib/msf/http/wordpress/version.rb b/lib/msf/http/wordpress/version.rb
@@ -85,11 +85,12 @@ def check_theme_version_from_readme(theme_name, fixed_version = nil, vuln_introd
   # Checks a custom file for a vulnerable version
   #
   # @param [String] uripath The relative path of the file
+  # @param [Regexp] regex The regular expression to extract the version. The first captured group must contain the version.
   # @param [String] fixed_version Optional, the version the vulnerability was fixed in
   # @param [String] vuln_introduced_version Optional, the version the vulnerability was introduced
   #
   # @return [ Msf::Exploit::CheckCode ]
-  def check_version_from_custom_file(uripath, fixed_version = nil, vuln_introduced_version = nil)
+  def check_version_from_custom_file(uripath, regex, fixed_version = nil, vuln_introduced_version = nil)
     res = send_request_cgi(
       'uri'    => uripath,
       'method' => 'GET'
@@ -98,7 +99,7 @@ def check_version_from_custom_file(uripath, fixed_version = nil, vuln_introduced
     # file not found
     return Msf::Exploit::CheckCode::Unknown if res.nil? || res.code != 200
 
-    return extract_and_check_version(res.body.to_s, :custom, 'custom file', fixed_version, vuln_introduced_version)
+    return extract_and_check_version(res.body.to_s, :custom, 'custom file', fixed_version, vuln_introduced_version, regex)
   end
 
   private
@@ -156,7 +157,7 @@ def check_version_from_readme(type, name, fixed_version = nil, vuln_introduced_v
     end
   end
 
-  def extract_and_check_version(body, type, item_type, fixed_version = nil, vuln_introduced_version = nil)
+  def extract_and_check_version(body, type, item_type, fixed_version = nil, vuln_introduced_version = nil, regex = nil)
     case type
     when :readme
       # Try to extract version from readme
@@ -169,7 +170,7 @@ def extract_and_check_version(body, type, item_type, fixed_version = nil, vuln_i
       # Version: 1.5.2
       version = body[/(?:Version):\s*([0-9a-z.-]+)/i, 1]
     when :custom
-      version = body[/(?:Version):\s*([0-9a-z.-]+)/i, 1]
+      version = body[regex, 1]
     else
       fail("Unknown file type #{type}")
     end
diff --git a/spec/lib/msf/http/wordpress/version_spec.rb b/spec/lib/msf/http/wordpress/version_spec.rb
@@ -253,76 +253,77 @@
     let(:wp_body) { nil }
     let(:wp_path) { '/test/' }
     let(:wp_fixed_version) { nil }
+    let(:wp_regex) { /(?:Version):\s*([0-9a-z.-]+)/i }
 
     context 'when no file is found' do
       let(:wp_code) { 404 }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Unknown) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Unknown) }
     end
 
     context 'when no version can be extracted from style' do
       let(:wp_code) { 200 }
       let(:wp_body) { 'invalid content' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Detected) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Detected) }
     end
 
     context 'when version from style has arbitrary leading whitespace' do
       let(:wp_code) { 200 }
       let(:wp_fixed_version) { '1.0.1' }
       let(:wp_body) { 'Version:  1.0.0' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
       let(:wp_body) { 'Version:1.0.0' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
     end
 
     context 'when installed version is vulnerable' do
       let(:wp_code) { 200 }
       let(:wp_fixed_version) { '1.0.1' }
       let(:wp_body) { 'Version: 1.0.0' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
     end
 
     context 'when installed version is not vulnerable' do
       let(:wp_code) { 200 }
       let(:wp_fixed_version) { '1.0.1' }
       let(:wp_body) { 'Version: 1.0.2' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Safe) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Safe) }
     end
 
     context 'when installed version is vulnerable (version range)' do
       let(:wp_code) { 200 }
       let(:wp_fixed_version) { '1.0.2' }
       let(:wp_introd_version) { '1.0.0' }
       let(:wp_body) { 'Version: 1.0.1' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Appears) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Appears) }
     end
 
     context 'when installed version is older (version range)' do
       let(:wp_code) { 200 }
       let(:wp_fixed_version) { '1.0.1' }
       let(:wp_introd_version) { '1.0.0' }
       let(:wp_body) { 'Version: 0.0.9' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
     end
 
     context 'when installed version is newer (version range)' do
       let(:wp_code) { 200 }
       let(:wp_fixed_version) { '1.0.1' }
       let(:wp_introd_version) { '1.0.0' }
       let(:wp_body) { 'Version: 1.0.2' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
     end
 
     context 'when installed version is newer (text in version number)' do
       let(:wp_code) { 200 }
       let(:wp_fixed_version) { '1.5.3' }
       let(:wp_body) { 'Version: 2.0.0-beta1' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Safe) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex, wp_fixed_version)).to be(Msf::Exploit::CheckCode::Safe) }
     end
 
     context 'when all versions are vulnerable' do
       let(:wp_code) { 200 }
       let(:wp_body) { 'Version: 1.0.0' }
-      it { expect(subject.send(:check_version_from_custom_file, wp_path)).to be(Msf::Exploit::CheckCode::Appears) }
+      it { expect(subject.send(:check_version_from_custom_file, wp_path, wp_regex)).to be(Msf::Exploit::CheckCode::Appears) }
     end
   end
 
