Turning off SSL datastore temporarily.

heyder · heyder · commit 16fefd99428a · 2024-07-17T16:44:50.000+02:00
Briefly disable the SSL datastore option before starting the HTTP server to avoid spinning up an HTTPS server, which would cause the exploit to fail.
diff --git a/modules/exploits/multi/http/magento_xxe_cve_2024_34102.rb b/modules/exploits/multi/http/magento_xxe_cve_2024_34102.rb
@@ -158,6 +158,10 @@ def xxe_request
   end
 
   def exploit
+    if datastore['SSL']
+      ssl_restore = true
+      datastore['SSL'] = false
+    end
     start_service({
       'Uri' => {
         'Proc' => proc do |cli, req|
@@ -166,6 +170,7 @@ def exploit
         'Path' => '/'
       }
     })
+    datastore['SSL'] = true if ssl_restore
     xxe_request
   rescue Timeout::Error => e
     fail_with(Failure::TimeoutExpired, e.message)
