
Commit 8e2ff8d

committed
Land rapid7#7433, Add IP Addresses to HTTP PUT/DELETE scanner output
2 parents 5e7d546 + 98d7b19 commit 8e2ff8d


1 file changed

+15
-15
lines changed


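--- a/modules/auxiliary/scanner/http/http_put.rb
+++ b/modules/auxiliary/scanner/http/http_put.rb
@@ -54,7 +54,7 @@ def initialize
 # Send a normal HTTP request and see if we successfully uploaded or deleted a file.
 # If successful, return true, otherwise false.
 #
-def file_exists(path, data)
+def file_exists(path, data, ip)
 begin
 res = send_request_cgi(
 {
@@ -65,7 +65,7 @@ def file_exists(path, data)
 }, 20
 ).to_s
 rescue ::Exception => e
-print_error("Error: #{e.to_s}")
+print_error("#{ip}: Error: #{e.to_s}")
 return nil
 end
 
@@ -75,7 +75,7 @@ def file_exists(path, data)
 #
 # Do a PUT request to the server. Function returns the HTTP response.
 #
-def do_put(path, data)
+def do_put(path, data, ip)
 begin
 res = send_request_cgi(
 {
@@ -86,7 +86,7 @@ def do_put(path, data)
 }, 20
 )
 rescue ::Exception => e
-print_error("Error: #{e.to_s}")
+print_error("#{ip}: Error: #{e.to_s}")
 return nil
 end
 
@@ -96,7 +96,7 @@ def do_put(path, data)
 #
 # Do a DELETE request. Function returns the HTTP response.
 #
-def do_delete(path)
+def do_delete(path, ip)
 begin
 res = send_request_cgi(
 {
@@ -106,7 +106,7 @@ def do_delete(path)
 }, 20
 )
 rescue ::Exception => e
-print_error("Error: #{e.to_s}")
+print_error("#{ip}: Error: #{e.to_s}")
 return nil
 end
 
@@ -135,11 +135,11 @@ def run_host(ip)
 end
 
 # Upload file
-res = do_put(path, data)
-vprint_status("Reply: #{res.code.to_s}") if not res.nil?
+res = do_put(path, data, ip)
+vprint_status("#{ip}: Reply: #{res.code.to_s}") if not res.nil?
 
 # Check file
-if not res.nil? and file_exists(path, data)
+if not res.nil? and file_exists(path, data, ip)
 turl = "#{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}"
 print_good("File uploaded: #{turl}")
 report_vuln(
@@ -152,26 +152,26 @@ def run_host(ip)
 :exploited_at => Time.now.utc
 )
 else
-print_error("File doesn't seem to exist. The upload probably failed.")
+print_error("#{ip}: File doesn't seem to exist. The upload probably failed.")
 end
 
 when 'DELETE'
 # Check file before deleting
 if path !~ /(.+\.\w+)$/
 print_error("You must supply a filename")
 return
-elsif not file_exists(path, data)
+elsif not file_exists(path, data, ip)
 print_error("File is already gone. Will not continue DELETE")
 return
 end
 
 # Delete our file
-res = do_delete(path)
-vprint_status("Reply: #{res.code.to_s}") if not res.nil?
+res = do_delete(path, ip)
+vprint_status("#{ip}: Reply: #{res.code.to_s}") if not res.nil?
 
 # Check if DELETE was successful
-if res.nil? or file_exists(path, data)
-print_error("DELETE failed. File is still there.")
+if res.nil? or file_exists(path, data, ip)
+print_error("#{ip}: DELETE failed. File is still there.")
 else
 turl = "#{(ssl ? 'https' : 'http')}://#{ip}:#{rport}#{path}"
 print_good("File deleted: #{turl}")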
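Review bot: In the DELETE branch of run_host, `print_error("File is already gone. Will not continue DELETE")` is left without the `#{ip}:` prefix that the neighbouring messages now carry, so in a multi-host scan that line still cannot be tied to a target; `print_error("#{ip}: File is already gone. Will not continue DELETE")` would match the rest. The same branch is also reached when file_exists returns nil from its rescue, so a connection error is reported as a missing file; a separate message for the nil case would keep the output honest about which hosts were actually checked. The new prefix also omits the port, while the success lines print `#{ip}:#{rport}`, so using the same form in both would make error and success lines easier to correlate in logs. run_host begins before the hunk and the helper bodies are only partly visible, so this is based on the lines shown.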
