Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    _success, epmp_ver = is_app_epmp1000?
    if (epmp_ver < '3.1' || epmp_ver > '3.5' && epmp_ver != '3.5-RC7')
      print_error('This module is applicable to versions 3.1-3.5-RC7 only. Exiting now.')
      return
Severity: Minor
Found in modules/exploits/unix/http/epmp1000_get_chart_cmd_shell.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_appkey has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check_appkey
    key = datastore['APP_KEY'].present? ? datastore['APP_KEY'] : ''
    return key unless key.empty?

    vprint_status 'APP_KEY not set. Will try to find it...'
Severity: Minor
Found in modules/exploits/unix/http/laravel_token_unserialize_exec.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_raw({
      'uri'     => normalize_uri(datastore['URI'], '/index.php')
    }, 25)
Severity: Minor
Found in modules/exploits/unix/webapp/sphpblog_file_upload.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    vprint_status("Trying to login as #{username}")
    cookie = wordpress_login(username, password)
    fail_with(Failure::NoAccess, "#{peer} - Unable to login as: #{username}") if cookie.nil?
    store_valid_credential(user: username, private: password, proof: cookie)
Severity: Minor
Found in modules/exploits/unix/webapp/wp_ajax_load_more_file_upload.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method upload has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def upload
    @fname = "#{rand_text_alphanumeric(rand(10)+6)}.php"
    php  = "<?php #{payload.encoded} ?>"

    data = Rex::MIME::Message.new
Severity: Minor
Found in modules/exploits/unix/webapp/simple_e_document_upload_exec.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    user = datastore['USER']
    pass = datastore['PASS']

    if datastore['SSHKEY']
Severity: Minor
Found in modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def login(user, pass)
    vprint_status "Authenticating as user '#{user}'"

    vars_post = {
      username: user,
Severity: Minor
Found in modules/exploits/unix/webapp/fusionpbx_exec_cmd_exec.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method go has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def go(command)

    encoded = command.unpack("C*").collect{|x| "chr(#{x})"}.join('.')
    wrapper = rand_text_alphanumeric(rand(128)+32)
Severity: Minor
Found in modules/exploits/unix/webapp/php_xmlrpc_eval.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # An unknown route will trigger the ThinkPHP copyright with version
    res = send_request_cgi(
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'index.php'),
Severity: Minor
Found in modules/exploits/unix/webapp/thinkphp_rce.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

    def check
        uri = datastore['PHPURI'] ? datastore['PHPURI'].dup : ""

        tpath = normalize_uri(datastore['PATH'])
        if tpath[-1,1] == '/'
Severity: Minor
Found in modules/exploits/unix/webapp/php_include.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, opts = {})
    func = opts[:func] || datastore['PHP_FUNC'] || 'passthru'

    vprint_status("Executing with #{func}(): #{cmd}")
Severity: Minor
Found in modules/exploits/unix/webapp/drupal_drupalgeddon2.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    unless @version
      print_warning('Targeting Drupal 7.x as a fallback')
      @version = Rex::Version.new('7')
    end
Severity: Minor
Found in modules/exploits/unix/webapp/drupal_drupalgeddon2.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check

    peer    = "#{rhost}:#{rport}"
    base    = target_uri.path
    base    << '/' if base[-1, 1] != '/'
Severity: Minor
Found in modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    base     = target_uri.path
    base    << '/' if base[-1, 1] != '/'
    cookie   = "ZMSESSID=" + rand_text_alphanumeric(rand(10)+6)
    user     = datastore['USERNAME']
Severity: Minor
Found in modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def login(user, pass, _opts = {})
    uri = normalize_uri(target_uri.path, '/maint/')
    print_status("#{peer} - Authenticating using \"#{user}:#{pass}\" credentials...")
    res = send_request_cgi({
      'uri' => uri,
Severity: Minor
Found in modules/exploits/unix/webapp/trixbox_ce_endpoint_devicemap_rce.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method go has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def go(command)
    wrapper = rand_text_alphanumeric(rand(128)+32)

    command = "echo #{wrapper};#{command};echo #{wrapper};"
    encoded = command.unpack("C*").collect{|x| "chr(#{x})"}.join('.')
Severity: Minor
Found in modules/exploits/unix/webapp/php_vbulletin_template.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cleanup has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def cleanup
    super

    # delete rogue .php file used for execution (if present)
    delete_file(@rogue_file) if @rogue_file
Severity: Minor
Found in modules/exploits/unix/webapp/bolt_authenticated_rce.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def login(user, pass)
    vprint_status "Authenticating as user '#{user}'"

    vars_post = {
      username: user,
Severity: Minor
Found in modules/exploits/unix/webapp/fusionpbx_operator_panel_exec_cmd_exec.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit

    uri = normalize_uri(datastore['URI'])
    print_status("Sending request to http://#{rhost}:#{rport}#{uri}")
Severity: Minor
Found in modules/exploits/unix/webapp/nagios3_statuswml_ping.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'index.php'),
      'method' => 'GET'
    )
Severity: Minor
Found in modules/exploits/unix/webapp/zoneminder_snapshots.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language