feat: Allow explicit SSL configuration in start_service method

heyder · heyder · commit 117c2b929817 · 2024-07-19T12:33:13.000+02:00
The start_service method now allows users to specify their SSL preferences directly through the opts parameter. If the ssl option is not provided in opts, it will default to the value in datastore['SSL']. This change enhances the flexibility and usability of the start_service method, preventing unintended behavior when users need to control the SSL setting explicitly. Closes rapid7#19329
diff --git a/lib/msf/core/exploit/remote/http_server.rb b/lib/msf/core/exploit/remote/http_server.rb
@@ -116,14 +116,17 @@ def check_dependencies
   # completely on the datastore. (See dlink_upnp_exec_noauth)
   def start_service(opts = {})
 
+    # Keep compatibility with modules that don't pass the ssl option to the start server but rely on the datastore instead.
+    opts['ssl'] = opts['ssl'].nil? ? datastore['SSL'] : opts['ssl']
+
     check_dependencies
 
     # Start a new HTTP server service.
     self.service = Rex::ServiceManager.start(
       Rex::Proto::Http::Server,
       (opts['ServerPort'] || bindport).to_i,
-      opts['ServerHost'] || bindhost,
-      datastore['SSL'], # XXX: Should be in opts, need to test this
+      opts['ServerHost']  || bindhost,
+      opts['ssl'],
       {
         'Msf'        => framework,
         'MsfExploit' => self,
@@ -149,7 +152,9 @@ def start_service(opts = {})
       'Path' => opts['Path'] || resource_uri
     }.update(opts['Uri'] || {})
 
-    proto = (datastore["SSL"] ? "https" : "http")
+    proto = (opts['ssl'] ? "https" : "http")
+
+    puts proto
 
     # SSLCompression may or may not actually be available. For example, on
     # Ubuntu, it's disabled by default, unless the correct environment
diff --git a/modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb b/modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb
@@ -154,19 +154,16 @@ def run
       fail_with(Failure::BadConfig, 'SRVHOST must be set to an IP address (0.0.0.0 is invalid) for exploitation to be successful')
     end
 
-    if datastore['SSL']
-      ssl_restore = true
-      datastore['SSL'] = false
-    end
     start_service({
       'Uri' => {
         'Proc' => proc do |cli, req|
           on_request_uri(cli, req)
         end,
         'Path' => '/'
-      }
+      },
+      'ssl' => false
     })
-    datastore['SSL'] = true if ssl_restore
+
     xxe_request
   rescue Timeout::Error => e
     fail_with(Failure::TimeoutExpired, e.message)
