Add suggestions

Chocapikk · Chocapikk · commit cc6127897fc0 · 2024-09-07T04:00:25.000+02:00
diff --git a/lib/msf/core/exploit/remote/http/spip.rb b/lib/msf/core/exploit/remote/http/spip.rb
@@ -75,11 +75,8 @@ def spip_plugin_version(plugin_name)
       end
 
       # Case 2: Check for plugin version directly in Composed-By
-      composed_by.split(',').each do |entry|
-        if entry =~ /#{plugin_name}\((\d+(\.\d+)+)\)/
-          return Rex::Version.new(::Regexp.last_match(1))
-        end
-      end
+      plugin_version = parse_plugin_version(composed_by, plugin_name)
+      return plugin_version if plugin_version
 
       # Case 3: Fallback to fetching /local/config.txt directly
       vprint_status('No version found in Composed-By header. Attempting to fetch /local/config.txt directly.')
diff --git a/modules/exploits/multi/http/spip_bigup_unauth_rce.rb b/modules/exploits/multi/http/spip_bigup_unauth_rce.rb
@@ -96,7 +96,7 @@ def check
 
     vulnerable_ranges.each do |range|
       if rversion.between?(range[:start], range[:end])
-        print_good('SPIP version #{rversion} is vulnerable.')
+        print_good("SPIP version #{rversion} is vulnerable.")
         break
       end
     end
