Peer review suggestion to swap out fail_with for print_error

remmons-r7 · web-flow · commit 108e60ae4daf · 2024-07-09T16:23:25.000-05:00
If the response to the code execution request isn't a 200, the module should error instead of fail. All versions tested returned 200s, but it's a great point that some Confluence versions might return a different status code but still pop a shell.
diff --git a/modules/exploits/multi/http/atlassian_confluence_rce_cve_2024_21683.rb b/modules/exploits/multi/http/atlassian_confluence_rce_cve_2024_21683.rb
@@ -211,7 +211,7 @@ def upload_payload(shell)
     fail_with(Failure::Unknown, 'Target did not respond as expected during code execution attempt') unless res_upload
 
     # If the response to the multipart request does not return a 200.
-    fail_with(Failure::Unknown, 'The application returned a non-200 response during code execution attempt') unless res_upload.code == 200
+    print_error(Failure::Unknown, 'The application returned a non-200 response during code execution attempt') unless res_upload.code == 200
   end
 
   def exploit
