diff --git a/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb b/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb index 5f18f2490816..794b635ebb2f 100644 --- a/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb +++ b/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb @@ -31,7 +31,7 @@ def initialize(info = {}) ['CVE', '2017-1000486'], ['URL', 'https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html'], ['URL', 'https://web.archive.org/web/20180515174733/https://cryptosense.com/blog/weak-encryption-flaw-in-primefaces'], - ['URL', 'http://schuette.se/2018/01/16/in-your-primeface/'], + ['URL', 'https://schuette.se/2018/01/17/cve-2017-1000486-in-your-primeface/'], ['URL', 'https://github.com/primefaces/primefaces/issues/1152'], ['URL', 'https://github.com/pimps/CVE-2017-1000486/tree/master'], ['EDB', '43733'] @@ -122,7 +122,7 @@ def exploit vprint_status("Attempting to execute: #{cmd}") res = http_send_command(payload_wrapper) - fail_with(Failure::UnexpectedReply, 'Internal server error. Payload may be incompatible.') if res && res.code == 500 + fail_with(Failure::UnexpectedReply, 'Internal server error. Payload may be incompatible.') if res&.code == 500 # successful exploitation gives us no response end