peer review

h00die · Dec 6, 2024 · e332001 · e332001
1 parent 492ccca
commit e332001
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb b/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb
@@ -31,7 +31,7 @@ def initialize(info = {})
           ['CVE', '2017-1000486'],
           ['URL', 'https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html'],
           ['URL', 'https://web.archive.org/web/20180515174733/https://cryptosense.com/blog/weak-encryption-flaw-in-primefaces'],
-          ['URL', 'http://schuette.se/2018/01/16/in-your-primeface/'],
+          ['URL', 'https://schuette.se/2018/01/17/cve-2017-1000486-in-your-primeface/'],
           ['URL', 'https://github.com/primefaces/primefaces/issues/1152'],
           ['URL', 'https://github.com/pimps/CVE-2017-1000486/tree/master'],
           ['EDB', '43733']
@@ -122,7 +122,7 @@ def exploit
 
     vprint_status("Attempting to execute: #{cmd}")
     res = http_send_command(payload_wrapper)
-    fail_with(Failure::UnexpectedReply, 'Internal server error. Payload may be incompatible.') if res && res.code == 500
+    fail_with(Failure::UnexpectedReply, 'Internal server error. Payload may be incompatible.') if res&.code == 500
     # successful exploitation gives us no response
   end