Update checkcodes and bug fixes

adfoster-r7 · adfoster-r7 · commit 4d9db3848bbb · 2026-04-22T14:33:34.000+01:00
diff --git a/modules/exploits/linux/http/nagios_xi_chained_rce_2_electric_boogaloo.rb b/modules/exploits/linux/http/nagios_xi_chained_rce_2_electric_boogaloo.rb
@@ -87,10 +87,10 @@ def check
       if @version < target[:lower_version]
         vprint_bad('Try nagios_xi_chained for this version.')
       elsif (@version <= target[:upper_version] && @version >= target[:lower_version])
-        return CheckCode::Appears("Version #{version} appears to be vulnerable")
+        return CheckCode::Appears("Version #{@version} appears to be vulnerable")
       end
     end
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def set_db_user(usr, passwd)
diff --git a/modules/exploits/linux/http/nagios_xi_mibs_authenticated_rce.rb b/modules/exploits/linux/http/nagios_xi_mibs_authenticated_rce.rb
@@ -96,10 +96,10 @@ def check
     end
 
     if @version >= Rex::Version.new('5.6.0') && @version <= Rex::Version.new('5.7.3')
-      return CheckCode::Appears("Version #{version} appears to be vulnerable")
+      return CheckCode::Appears("Version #{@version} appears to be vulnerable")
     end
 
-    return CheckCode::Safe("Version #{version} is not vulnerable")
+    return CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def execute_command(cmd, _opts = {})
diff --git a/modules/exploits/linux/http/nagios_xi_plugins_check_plugin_authenticated_rce.rb b/modules/exploits/linux/http/nagios_xi_plugins_check_plugin_authenticated_rce.rb
@@ -130,10 +130,10 @@ def check
     end
 
     if @version < Rex::Version.new('5.6.6')
-      return CheckCode::Appears("Version #{version} appears to be vulnerable")
+      return CheckCode::Appears("Version #{@version} appears to be vulnerable")
     end
 
-    return CheckCode::Safe("Version #{version} is not vulnerable")
+    return CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def grab_plugins_nsp
diff --git a/modules/exploits/linux/http/nagios_xi_plugins_filename_authenticated_rce.rb b/modules/exploits/linux/http/nagios_xi_plugins_filename_authenticated_rce.rb
@@ -97,10 +97,10 @@ def check
     end
 
     if @version < Rex::Version.new('5.8.0')
-      return CheckCode::Appears("Version #{version} appears to be vulnerable")
+      return CheckCode::Appears("Version #{@version} appears to be vulnerable")
     end
 
-    return CheckCode::Safe("Version #{version} is not vulnerable")
+    return CheckCode::Safe("Version #{@version} is not vulnerable")
   end
 
   def execute_command(cmd, _opts = {})
diff --git a/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb b/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb
@@ -121,7 +121,7 @@ def check
 
       return CheckCode::Safe(version[2].chop.to_s)
     end
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Safe('Unable to parse target version from response')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/netis_unauth_rce_cve_2024_48456_and_48457.rb b/modules/exploits/linux/http/netis_unauth_rce_cve_2024_48456_and_48457.rb
@@ -212,7 +212,7 @@ def check
         return CheckCode::Safe(version[1].to_s)
       end
     end
-    CheckCode::Safe("Version #{version} is not vulnerable")
+    CheckCode::Safe('Target version is not vulnerable')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/php_imap_open_rce.rb b/modules/exploits/linux/http/php_imap_open_rce.rb
@@ -97,7 +97,7 @@ def check
         return
       end
 
-      if res.code = 200
+      if res.code == 200
         return CheckCode::Detected('The target service was detected')
       end
     elsif target.name =~ /Horde IMP H3/
@@ -246,7 +246,7 @@ def exploit
         return
       end
 
-      if res.code = 200
+      if res.code == 200
         cookie = res.get_cookies
       else
         print_error("HTTP code #{res.code} found, check options.")
diff --git a/modules/exploits/linux/http/pineapple_preconfig_cmdinject.rb b/modules/exploits/linux/http/pineapple_preconfig_cmdinject.rb
@@ -241,13 +241,13 @@ def check
         'method' => 'GET',
         'uri' => brute_uri
       )
-      return Exploit::CheckCode::Safe('The target is not vulnerable') if !brutecheck || !brutecheck.code == 200 || brutecheck.body !~ /own this pineapple/
+      return Exploit::CheckCode::Safe('The target is not vulnerable') if !brutecheck || brutecheck.code != 200 || brutecheck.body !~ /own this pineapple/
 
       return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
     cmd_success = cmd_inject("echo")
-    return Exploit::CheckCode::Vulnerable('The target is vulnerable') if cmd_success && cmdSuccess.code == 200 && cmd_success.body =~ /Executing/
+    return Exploit::CheckCode::Vulnerable('The target is vulnerable') if cmd_success && cmd_success.code == 200 && cmd_success.body =~ /Executing/
 
     Exploit::CheckCode::Safe('The target is not vulnerable')
   end
diff --git a/modules/exploits/linux/http/qnap_qts_rce_cve_2023_47218.rb b/modules/exploits/linux/http/qnap_qts_rce_cve_2023_47218.rb
@@ -85,7 +85,7 @@ def check
     # </Errmsg>
     # </Storage>
 
-    return Exploit::CheckCode::Detected("Target detected: version #{version}") if res.body.include? '<Result>failure</Result>'
+    return Exploit::CheckCode::Detected('QNAP QTS target detected') if res.body.include? '<Result>failure</Result>'
 
     CheckCode::Unknown('Could not determine the target status')
   end
diff --git a/modules/exploits/linux/http/samsung_srv_1670d_upload_exec.rb b/modules/exploits/linux/http/samsung_srv_1670d_upload_exec.rb
@@ -77,7 +77,7 @@ def check
       if resp.body =~ /File Version (\d+\.\d+\.\d+\.\d+)/
         version = $1
         if version == '1.0.0.193'
-          vprint_good "Found vesrion: #{version}"
+          vprint_good "Found version: #{version}"
           return CheckCode::Appears("Version #{version} appears to be vulnerable")
         end
       end
diff --git a/modules/exploits/linux/http/supervisor_xmlrpc_exec.rb b/modules/exploits/linux/http/supervisor_xmlrpc_exec.rb
@@ -105,7 +105,7 @@ def check
         end
       elsif res.code == 401
         print_bad("Authentication failed: #{res.code} response")
-        return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
+        return Exploit::CheckCode::Detected('Authentication required (HTTP 401)')
       else
         print_bad("Unexpected HTTP code: #{res.code} response")
         return Exploit::CheckCode::Unknown('Could not determine the target status')
diff --git a/modules/exploits/linux/http/webmin_packageup_rce.rb b/modules/exploits/linux/http/webmin_packageup_rce.rb
@@ -100,7 +100,7 @@ def check
 
     if res && res.code == 302 && res.body
       version = res.body.split("- Webmin 1.")[1]
-      return CheckCode::Detected("Target detected: version #{version}") if version.nil?
+      return CheckCode::Detected('Webmin detected but version could not be determined') if version.nil?
 
       version = version.split(" ")[0]
       if version <= "910"
diff --git a/modules/exploits/linux/http/zabbix_sqli.rb b/modules/exploits/linux/http/zabbix_sqli.rb
@@ -83,7 +83,7 @@ def check
       return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
 
-    if version and version <= "2.0.8"
+    if version and Rex::Version.new(version) <= Rex::Version.new("2.0.8")
       return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
     else
       return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
diff --git a/modules/exploits/linux/http/zen_load_balancer_exec.rb b/modules/exploits/linux/http/zen_load_balancer_exec.rb
@@ -77,15 +77,15 @@ def check
       })
 
       if res and res.code == 200 and res.body =~ /#version ZEN\s+\$version=\"(2|3\.0\-rc1)/
-        return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
+        return Exploit::CheckCode::Appears("Version #{$1} appears to be vulnerable")
       elsif res and res.code == 200 and res.body =~ /zenloadbalancer/
-        return Exploit::CheckCode::Detected("Target detected: version #{version}")
+        return Exploit::CheckCode::Detected('Zen Load Balancer detected')
       end
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
       vprint_error("Connection failed")
       return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
-    return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit
diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb
@@ -75,11 +75,10 @@ def check
       return Exploit::CheckCode::Detected('The target service was detected') if res.body =~ /<link rel="shortcut icon" type="image\/x\-icon" href="\/zport\/dmd\/favicon\.ico" \/>/
 
       return Exploit::CheckCode::Safe('The target is not vulnerable')
-    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeoutp
+    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
       vprint_error("Connection failed")
       return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
-    return Exploit::CheckCode::Save('Target status check completed')
   end
 
   def exploit
