added report_web_vuln as suggested by the reviewer

h00die-gr3y · Oct 28, 2024 · 2c40621 · 2c40621
1 parent 5aaf0b2
commit 2c40621
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb b/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb
@@ -61,7 +61,7 @@ def initialize(info = {})
     register_options(
       [
         OptString.new('TARGETURI', [true, 'The URI of the vulnerable Acronis Cyber Protect/Backup instance', '/']),
-        OptEnum.new('OUTPUT', [true, 'output format to use', 'table', ['table', 'json']])
+        OptEnum.new('OUTPUT', [true, 'Output format to use', 'table', ['table', 'json']])
       ]
     )
   end
@@ -285,6 +285,20 @@ def run
       fail_with(Failure::NoAccess, 'Retrieval of the second access token failed.') if @access_token2.nil?
     end
 
+    # report vulnerable instance
+    report_web_vuln(
+      web_site: normalize_uri(target_uri.path, 'api', 'ams', 'versions'),
+      host: datastore['RHOSTS'],
+      port: datastore['RPORT'],
+      ssl: (proto =~ /https/),
+      method: 'POST',
+      proof: "Authorization: Bearer #{@access_token2}",
+      risk: 0,
+      confidence: 100,
+      category: 'admin token',
+      description: 'Administrator token providing full web application accesss.',
+      name: 'Acronis Cyber Protect/Backup administrator token'
+    )
     # get all the managed endpoint configuration info
     print_status('Retrieve all managed endpoint configuration details registered at the Acronis Cyber Protect/Backup appliance.')
     res_json = get_machine_info