From 2c40621d184e0eff2fefa0ba75eae17109156acc Mon Sep 17 00:00:00 2001
From: h00die-gr3y <h00die.gr3y@gmail.com>
Date: Mon, 28 Oct 2024 14:27:05 +0000
Subject: [PATCH] added report_web_vuln as suggested by the reviewer

---
 ...onis_cyber_protect_machine_info_disclosure.rb | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb b/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb
index 40a4f1520721..92ac6c140a39 100644
--- a/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb
+++ b/modules/auxiliary/gather/acronis_cyber_protect_machine_info_disclosure.rb
@@ -61,7 +61,7 @@ def initialize(info = {})
     register_options(
       [
         OptString.new('TARGETURI', [true, 'The URI of the vulnerable Acronis Cyber Protect/Backup instance', '/']),
-        OptEnum.new('OUTPUT', [true, 'output format to use', 'table', ['table', 'json']])
+        OptEnum.new('OUTPUT', [true, 'Output format to use', 'table', ['table', 'json']])
       ]
     )
   end
@@ -285,6 +285,20 @@ def run
       fail_with(Failure::NoAccess, 'Retrieval of the second access token failed.') if @access_token2.nil?
     end
 
+    # report vulnerable instance
+    report_web_vuln(
+      web_site: normalize_uri(target_uri.path, 'api', 'ams', 'versions'),
+      host: datastore['RHOSTS'],
+      port: datastore['RPORT'],
+      ssl: (proto =~ /https/),
+      method: 'POST',
+      proof: "Authorization: Bearer #{@access_token2}",
+      risk: 0,
+      confidence: 100,
+      category: 'admin token',
+      description: 'Administrator token providing full web application accesss.',
+      name: 'Acronis Cyber Protect/Backup administrator token'
+    )
     # get all the managed endpoint configuration info
     print_status('Retrieve all managed endpoint configuration details registered at the Acronis Cyber Protect/Backup appliance.')
     res_json = get_machine_info