server header

Michael Messner · Michael Messner · commit c8dddbff7026 · 2015-06-24T21:32:01.000+02:00
diff --git a/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb b/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb
@@ -18,8 +18,7 @@ def initialize(info = {})
         This module exploits an anonymous remote upload and code execution vulnerability on different
         D-Link devices. The vulnerability is a command injection in the cookie handling process of the
         lighttpd web server when handling specially crafted cookie values. This module has been
-        successfully tested on D-Link DSP-W110A1_FW105B01 in emulated environment and on the real
-        device.
+        successfully tested on D-Link DSP-W110A1_FW105B01 in emulated environment.
       },
       'Author'         =>
         [
@@ -39,13 +38,13 @@ def initialize(info = {})
         },
       'Targets' =>
         [
-          [ 'MIPS Little Endian',
+          [ 'MIPS Little Endian',  # unknown if there are LE devices out there ... but in case we have a target
             {
               'Platform' => 'linux',
               'Arch'     => ARCH_MIPSLE
             }
           ],
-          [ 'MIPS Big Endian',  # unknown if there are BE devices out there ... but in case we have a target
+          [ 'MIPS Big Endian',
             {
               'Platform' => 'linux',
               'Arch'     => ARCH_MIPSBE
@@ -63,7 +62,7 @@ def check
         'method' => 'GET',
       })
 
-      if res && res.headers["Server"] =~ /lighttpd\/1.4.34/
+      if res && res.headers["Server"] =~ /lighttpd\/1\.4\.34/
         return Exploit::CheckCode::Detected
       end
     rescue ::Rex::ConnectionError
