Skip to content

Commit 53f0bc3

Browse files
ChocapikkChocapikk
committed
fix: correct version handling error in SPIP check
1 parent 586cf48 commit 53f0bc3

File tree

3 files changed

+14
-22
lines changed

3 files changed

+14
-22
lines changed

modules/exploits/multi/http/spip_connect_exec.rb

Lines changed: 9 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -77,24 +77,17 @@ def initialize(info = {})
7777
end
7878

7979
def check
80-
version = spip_version
80+
rversion = spip_version
81+
return Exploit::CheckCode::Unknown('Unable to determine the version of SPIP') unless rversion
8182

82-
print_status("SPIP Version detected: #{version}")
83+
print_status("SPIP Version detected: #{rversion}")
8384

84-
rversion = Rex::Version.new(version)
85-
86-
if rversion >= Rex::Version.new('2.0.0')
87-
if rversion < Rex::Version.new('2.0.21')
88-
return Exploit::CheckCode::Appears
89-
end
90-
elsif rversion >= Rex::Version.new('2.1.0')
91-
if rversion < Rex::Version.new('2.1.16')
92-
return Exploit::CheckCode::Appears
93-
end
94-
elsif rversion >= Rex::Version.new('3.0.0')
95-
if rversion < Rex::Version.new('3.0.3')
96-
return Exploit::CheckCode::Appears
97-
end
85+
if rversion.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.0.20'))
86+
return Exploit::CheckCode::Appears
87+
elsif rversion.between?(Rex::Version.new('2.1.0'), Rex::Version.new('2.1.15'))
88+
return Exploit::CheckCode::Appears
89+
elsif rversion.between?(Rex::Version.new('3.0.0'), Rex::Version.new('3.0.2'))
90+
return Exploit::CheckCode::Appears
9891
end
9992

10093
return Exploit::CheckCode::Safe

modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,8 @@ def check
7676
return Exploit::CheckCode::Unknown('Unable to determine the version of SPIP') unless rversion
7777

7878
print_status("SPIP Version detected: #{rversion}")
79-
if Rex::Version.new(rversion) > Rex::Version.new('4.2.12')
79+
80+
if rversion > Rex::Version.new('4.2.12')
8081
return CheckCode::Safe("The detected SPIP version (#{rversion}) is not vulnerable.")
8182
end
8283

modules/exploits/multi/http/spip_rce_form.rb

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -80,13 +80,11 @@ def check
8080

8181
print_status("SPIP Version detected: #{rversion}")
8282

83-
if rversion.between?(Rex::Version.new('4.2.0'), Rex::Version.new('4.2.1'))
83+
if rversion.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.0.20'))
8484
return Exploit::CheckCode::Appears
85-
elsif rversion.between?(Rex::Version.new('4.1.0'), Rex::Version.new('4.1.18'))
85+
elsif rversion.between?(Rex::Version.new('2.1.0'), Rex::Version.new('2.1.15'))
8686
return Exploit::CheckCode::Appears
87-
elsif rversion.between?(Rex::Version.new('4.0.0'), Rex::Version.new('4.0.10'))
88-
return Exploit::CheckCode::Appears
89-
elsif rversion.between?(Rex::Version.new('3.2.0'), Rex::Version.new('3.2.18'))
87+
elsif rversion.between?(Rex::Version.new('3.0.0'), Rex::Version.new('3.0.2'))
9088
return Exploit::CheckCode::Appears
9189
end
9290

0 commit comments

Comments
 (0)