
Add a mixin to get SPIP version and make use of it #19401

Merged
merged 3 commits into rapid7:master from jvoisin:spip_version on Aug 30, 2024

Conversation

jvoisin
Contributor

@jvoisin jvoisin commented Aug 19, 2024

This was sparked by #19394

@dwelch-r7 dwelch-r7 self-assigned this Aug 20, 2024
@dwelch-r7
Contributor

I've just merged in #19394. Would you like to update this PR to include this mixin in the new module too? Or I can do it, totally up to you.

@dwelch-r7 dwelch-r7 added the rn-enhancement release notes enhancement label Aug 21, 2024
@jvoisin
Contributor Author

jvoisin commented Aug 21, 2024

Feel free to do it, it'll be faster than another review round-trip :)

Contributor

@smcintyre-r7 smcintyre-r7 left a comment


I just left one question about the version fingerprinting. This code all looks great, so thanks for making it into a reusable library @jvoisin.

lib/msf/core/exploit/remote/http/spip.rb (outdated)

```ruby
version_string = res.get_html_document.at('head/meta[@name="generator"]/@content')&.text
return Exploit::CheckCode::Unknown('Unable to find the version string on the page: spip.php') unless version_string =~ /SPIP (.*)/
rversion = spip_version
```
Contributor


```
msf6 exploit(unix/webapp/spip_rce_form) > check http://127.0.0.1:8000

[-] Exploit failed: ArgumentError Malformed version number string SPIP 4.2.12
[-] 127.0.0.1:8000 - Check failed: The state could not be determined.
```

Seems like this is pulling out "SPIP 4.2.12" for me in this module, and Rex::Version does not like that.
I replicated on the other module too; not sure if this is a version-specific thing or not.

Contributor Author


You're absolutely right, I didn't test the PR well enough. I just pushed some changes that should fix this.

Contributor


```
msf6 exploit(unix/webapp/spip_rce_form) > check http://127.0.0.1:8000

[-] Exploit failed: ArgumentError Malformed version number string 4.2.12 @ www.spip.net +
[-] 127.0.0.1:8000 - Check failed: The state could not be determined.
```

Getting a slightly different error now.

Contributor Author


I'm confused as to why the regex (/SPIP (.*) /) doesn't match. I don't have a testing environment handy (holidays, yay!), but something like /SPIP ([0-9.]+) / might fix the issue?

Contributor


I think we want /SPIP (.*)/; seems like there was a rogue space messing things up.

```
[7] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> version_string
=> "SPIP 4.2.12"
[8] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> version_string =~ /SPIP (.*) /
=> nil
[9] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> version_string =~ /SPIP (.*)/
=> 0
[10] pry(#<Msf::Modules::Exploit__Unix__Webapp__Spip_rce_form::MetasploitModule>)> ::Regexp.last_match(1)
=> "4.2.12"
```
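The fingerprinting behaviour discussed in this thread, as an added example that is not part of the PR or of Metasploit's own code: it takes the two generator strings seen above as constructed input, shows why the regex with a trailing space never matches and why the greedy capture produces a string the version parser rejects, and uses the stdlib Gem::Version (which Rex::Version is built on) so it runs outside the framework. The fixed_in threshold is a constructed placeholder, not a real fixed SPIP version.

```ruby
# Added example, not code from the PR: extracting a comparable SPIP version
# from the <meta name="generator"> content. Gem::Version stands in for
# Rex::Version so this runs outside msfconsole.
require 'rubygems'

# Constructed sample generator strings, as seen in the review thread.
GENERATOR_SAMPLES = [
  'SPIP 4.2.12',
  'SPIP 4.2.12 @ www.spip.net +',
].freeze

# Anchored capture of digits and dots only, so a trailing site suffix
# such as "@ www.spip.net +" never reaches the version parser.
SPIP_GENERATOR_RE = /\ASPIP ([0-9]+(?:\.[0-9]+)*)/

# Returns a Gem::Version, or nil when the generator string is not SPIP.
def spip_version_from_generator(content)
  return nil if content.nil?
  m = SPIP_GENERATOR_RE.match(content.strip)
  return nil unless m
  Gem::Version.new(m[1])
end

# Reproduces the two failure modes from the thread: a regex with a
# trailing space yields :no_match on "SPIP 4.2.12", and a greedy (.*)
# capture yields :malformed because Gem::Version rejects the suffix.
def naive_capture(content, regex)
  m = regex.match(content)
  return :no_match unless m
  Gem::Version.new(m[1])
rescue ArgumentError
  :malformed
end

# Compares the fingerprinted version against a caller-supplied threshold.
# fixed_in is a placeholder chosen by the caller, not a real fixed version.
def vulnerable_version?(content, fixed_in:)
  v = spip_version_from_generator(content)
  return nil if v.nil?
  v < Gem::Version.new(fixed_in)
end

if __FILE__ == $0
  GENERATOR_SAMPLES.each do |s|
    puts "#{s.inspect} -> #{spip_version_from_generator(s).inspect}"
  end
end
```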

Contributor Author


Nice catch! Care to fix it so this can land, or do you prefer to wait until I get back home?

Contributor


I can do it, no problem.

Contributor Author

@jvoisin jvoisin Aug 29, 2024


I'll owe you a beverage of your choice shall we ever meet in the meatspace then, thanks <3

@dwelch-r7 dwelch-r7 merged commit 05cfe7c into rapid7:master Aug 30, 2024
63 checks passed
@dwelch-r7
Contributor

dwelch-r7 commented Aug 30, 2024

Release Notes

Adds a mixin to get SPIP version and make use of it

@jvoisin jvoisin deleted the spip_version branch September 1, 2024 21:52