rapid7/metasploit-framework


Showing 7,361 of 22,177 total issues

Avoid deeply nested control flow statements.
Open

                  if masterList[x]["name"] == name
                    masterList[x]["path"] << server["path"].first.dup
                    masterList[x]["path"].last << name
                    unless shelled.include?(name)
                      if parse_results[0][2]==1
Severity: Major
Found in modules/exploits/windows/mssql/mssql_linkcrawler.rb - About 45 mins to fix

    Avoid deeply nested control flow statements.
    Open

                break if session_created?
    Severity: Major
    Found in modules/exploits/windows/local/webexec.rb - About 45 mins to fix

      Avoid deeply nested control flow statements.
      Open

                  break if session_created?
      Severity: Major
      Found in modules/exploits/windows/local/ikeext_service.rb - About 45 mins to fix

        Avoid deeply nested control flow statements.
        Open

                        if l.include? 'VERSION="'
                          number = l.split("=")[1].split('"')[1]
                          if number.match /(\d+\.)?(\d+\.)?(\d+\.)?(\*|\d+)$/
                            if number <= '8.1.1.50' and not number < '7'
                              return Exploit::CheckCode::Appears
        Severity: Major
        Found in modules/exploits/windows/misc/ahsay_backup_fileupload.rb - About 45 mins to fix

          Avoid deeply nested control flow statements.
          Open

                    next unless (round3_byte_array[i] == keystr3_byte_array[j])
          Severity: Major
          Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 45 mins to fix

            Avoid deeply nested control flow statements.
            Open

                      next unless (round3_byte_array[i] == keystr2_byte_array[j])
            Severity: Major
            Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 45 mins to fix

              Avoid deeply nested control flow statements.
              Open

                      if Rex::Version.new(phpversion) < Rex::Version.new('5.6.39')
                        vprint_good("PHP Version #{phpversion} is vulnerable")
                        return CheckCode::Appears
                      else
                        vprint_bad("PHP Version #{phpversion} is NOT vulnerable, patched in 5.6.39.")
              Severity: Major
              Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                Avoid deeply nested control flow statements.
                Open

                      unless res
                        print_error('Error loading site.  Check options.')
                        return
                      end
                Severity: Major
                Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                  Avoid deeply nested control flow statements.
                  Open

                        if res.code == 302
                          cookie = res.get_cookies
                          print_good('Login Success')
                        else
                          print_error('Failed Login, check options.')
                  Severity: Major
                  Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                    Avoid deeply nested control flow statements.
                    Open

                          if /name='e-token' value='(?<etoken>\w{32})'/ =~ res.body && /_system::procEmailBounce.+?cron_execute\[(?<cron_id>\d)\]/m =~ res.body
                            print_good("Triggering manual run of mail bounch check cron to execute payload with cron id #{cron_id} and etoken #{etoken}")
                            # The post request has several duplicate columns, however all were not required.  Left them commented for documentation purposes
                            send_request_cgi(
                              'method' => 'POST',
                    Severity: Major
                    Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                      Avoid deeply nested control flow statements.
                      Open

                          elsif target.name =~ /custom/
                            print_status('Listener started for 300 seconds')
                            print_good("POST request connection string: x #{command}}")
                            # URI.encode leaves + as + since that's a space encoded.  So we manually change it.
                            print_good("GET request connection string: #{URI::DEFAULT_PARSER.escape("x " + command + "}").sub! '+', '%2B'}")
                      Severity: Major
                      Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                        Avoid deeply nested control flow statements.
                        Open

                              if res.body.include? 'Status: <b>Disabled</b>'
                                print_error('Cron disabled, unexploitable.')
                                return
                              end
                        Severity: Major
                        Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                          Avoid deeply nested control flow statements.
                          Open

                                unless res
                                  print_error('Error loading site.  Check options.')
                                  return
                                end
                          Severity: Major
                          Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                            Avoid deeply nested control flow statements.
                            Open

                                  unless res
                                    print_error('Error loading site.  Check options.')
                                    return
                                  end
                            Severity: Major
                            Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 45 mins to fix

                              Avoid deeply nested control flow statements.
                              Open

                                        @my_target = targets[1] if target['auto']
                              Severity: Major
                              Found in modules/exploits/linux/http/dlink_hnap_bof.rb - About 45 mins to fix

                                Avoid deeply nested control flow statements.
                                Open

                                              rescue Rex::Post::Meterpreter::RequestError
                                                print_error("Failed to resolve SLD hostname: #{sld_hostname}")
                                Severity: Major
                                Found in modules/post/multi/sap/smdagent_get_properties.rb - About 45 mins to fix

                                  Avoid deeply nested control flow statements.
                                  Open

                                          if migrate_system
                                            print_status('Trying to get SYSTEM privilege')
                                            results = session.priv.getsystem
                                            if results[0]
                                              print_good('Got SYSTEM privilege')
                                  Severity: Major
                                  Found in modules/post/windows/gather/smart_hashdump.rb - About 45 mins to fix

                                    Avoid deeply nested control flow statements.
                                    Open

                                                if version.build_number.between?(Msf::WindowsVersion::Server2008_SP0, Msf::WindowsVersion::Server2012_R2) && version.windows_server?
                                                  move_to_sys
                                                  file_local_write(pwdfile, inject_hashdump)
                                                else
                                                  print_error('Could not get NTDS hashes!')
                                    Severity: Major
                                    Found in modules/post/windows/gather/smart_hashdump.rb - About 45 mins to fix

                                      Avoid deeply nested control flow statements.
                                      Open

                                                if migrate_system
                                                  print_status('Trying to get SYSTEM privilege')
                                                  results = session.priv.getsystem
                                                  if results[0]
                                                    print_good('Got SYSTEM privilege')
                                      Severity: Major
                                      Found in modules/post/windows/gather/smart_hashdump.rb - About 45 mins to fix

                                        Avoid deeply nested control flow statements.
                                        Open

                                              elsif migrate_system
                                                print_status('Trying to get SYSTEM privilege')
                                                results = session.priv.getsystem
                                                if results[0]
                                                  print_good('Got SYSTEM privilege')
                                        Severity: Major
                                        Found in modules/post/windows/gather/smart_hashdump.rb - About 45 mins to fix