Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 21,960 of 21,960 total issues

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
Severity: Minor
Found in modules/exploits/linux/local/blueman_set_dhcp_handler_dbus_priv_esc.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # /bin/sh -c 'ssh-keygen -P "" -f /dev/null < /dev/null & # -t rsa -q'
    res = send_request_cmd_inject('/dev/null < /dev/null & #')

    unless res
Severity: Minor
Found in modules/exploits/linux/http/saltstack_salt_api_cmd_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, _opts = {})
    vprint_status("Executing command: #{cmd}")

    res = send_command(cmd)
    unless res
Severity: Minor
Found in modules/exploits/linux/http/f5_icontrol_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_exec(Rex::Text.rand_text_alphanumeric(4..11), ['config', '--default', '', 'core.sshCommand'])
    return CheckCode::Unknown unless res

    if res.code == 200 && res.body =~ /^X-Exec-Exit-Status: 0/
Severity: Minor
Found in modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi(
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path)
    )
Severity: Minor
Found in modules/exploits/linux/http/nexus_repo_manager_el_injection.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, _opts = {})
    vprint_status("Executing command: #{cmd}")
    res = send_request_exec(@git_repo, ['config', 'core.sshCommand', cmd])
    fail_with(Failure::Unreachable, 'No server response.') unless res
    unless res.code == 200 && res.body =~ /^X-Exec-Exit-Status: 0/
Severity: Minor
Found in modules/exploits/linux/http/sourcegraph_gitserver_sshcmd.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method test_login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def test_login(user, pass)
    print_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}")

    login_path = "/login.php"
Severity: Minor
Found in modules/exploits/linux/http/dlink_dir300_exec_telnet.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def login(username, password)
    # yet another csrf token gathering.
    print_status('Authenticating with our activated new user')
    res = send_request_cgi(
      'method' => 'GET',
Severity: Minor
Found in modules/exploits/linux/http/xplico_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, opts = {})
    if target.name == 'UEB 9.*'
      #substitue the cmd into the hostname parameter
      parms = %Q|{"type":4,"name":"_Stateless","usage":"stateless","build_filesystem":1,"properties":{"username":"aaaa","password":"aaaa","hostname":"`|
      parms << filter_bad_chars(cmd)
Severity: Minor
Found in modules/exploits/linux/http/ueb_api_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, _opts = {})
    # parsing of the cookie field is thrown off by ;. Replacing with && works fine, but the only
    # downside is if the payload fails then it won't clean up after itself. Oddly, device's sh
    # required the spacing.
    cmd = cmd.gsub(/;/, ' && ')
Severity: Minor
Found in modules/exploits/linux/http/cisco_rv_series_authbypass_and_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def login(username, password, check = false)
    hash = Rex::Text.sha1(Rex::Text.sha1(password))
    res = send_request_cgi({
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, 'login.php'),
Severity: Minor
Found in modules/exploits/linux/http/atutor_filemanager_traversal.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    begin
      res = send_request_cgi(
        'uri'       => normalize_uri(target_uri.path, 'sysAdmin.cgi'),
        'method'    => 'POST',
Severity: Minor
Found in modules/exploits/linux/http/dnalims_admin_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    fail_with(Failure::Unknown, "Something went horribly wrong and we couldn't continue to exploit.") unless get_version

    vprint_status("Generating payload ...")
    @pl = generate_payload.encoded_jar(random:true)
Severity: Minor
Found in modules/exploits/linux/http/spark_unauth_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_new_session has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def on_new_session(session)
    # cleanup webshell in DOCUMENT_ROOT
    register_files_for_cleanup("#{@config['document_root']}/#{@webshell_name}")

    # Imagick plugin generates a php<random chars> file with MSL code in the directory set by
Severity: Minor
Found in modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def login(user, pass)
    vars_post = {
      name:     user,
      password: Rex::Text.encode_base64(pass),
      remember: 'false'
Severity: Minor
Found in modules/exploits/linux/http/qnap_qcenter_change_passwd_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    # check if upload_tmp_dir and document_root is already initialized with AutoCheck set otherwise run check_phpinfo
    check_phpinfo unless datastore['AutoCheck']
    fail_with(Failure::NotVulnerable, 'Could not get required phpinfo. System is likely patched.') if @config['upload_tmp_dir'].nil? || @config['document_root'].nil?
    fail_with(Failure::UnexpectedReply, "Webshell #{@webshell_name} upload failed.") unless upload_webshell
Severity: Minor
Found in modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method upload_successful? has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def upload_successful?(response)
    unless response
      print_bad('Did not receive a response from elFinder')
      return false
    end
Severity: Minor
Found in modules/exploits/linux/http/elfinder_archive_cmd_injection.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    cmds = [
      # sed is used to restore the redirect.cgi
      "sed -i -e '/sed -i -e/,$d' /usr/syno/synoman/redirect.cgi",
      payload.encoded
Severity: Minor
Found in modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, opts)
    begin
      # To manually view the vuln page, click Manage > Configure > Commands.
      # Click the "Test this command" button to display the form we abuse.
Severity: Minor
Found in modules/exploits/linux/http/op5_config_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # Send an empty serialized object
    res = send_request_xmlrpc('')

    return CheckCode::Unknown('Target did not respond to check.') unless res
Severity: Minor
Found in modules/exploits/linux/http/apache_ofbiz_deserialization.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language