Module: Msf::Exploit::Remote::HTTP::Moodle::Version

Included in:: Msf::Exploit::Remote::HTTP::Moodle

Defined in:: lib/msf/core/exploit/remote/http/moodle/version.rb

Constant Summary collapse

MOODLE_VERSION_PATTERN = Used to check if the version is correct: must contain at least one dot

'(\d+\.\d+(?:\.\d+)*)'

Instance Method Summary collapse

#moodle_version ⇒ String^?

Extracts the Moodle version information from various sources.
#moodle_version_helper(url, regex) ⇒ Object

Instance Method Details

#moodle_version ⇒ `String`^?

Extracts the Moodle version information from various sources

Returns:

(String, nil) —

moodle version if found, nil otherwise

# File 'lib/msf/core/exploit/remote/http/moodle/version.rb', line 10

def moodle_version
  # detect version from /lib/upgrade.txt
  version = moodle_version_helper(normalize_uri(target_uri.path, 'lib', 'upgrade.txt'), /=== #{MOODLE_VERSION_PATTERN} ===/i)
  return version if version

  nil
end

#moodle_version_helper(url, regex) ⇒ `Object`

# File 'lib/msf/core/exploit/remote/http/moodle/version.rb', line 18

def moodle_version_helper(url, regex)
  res = send_request_cgi!({
    'method' => 'GET',
    'uri' => url
  }, 3.5)
  if res
    match = res.body.match(regex)
    return match[1] if match
  end

  nil
end