search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
33.8k stars 13.9k forks source link

NoMethodError undefined method `unescape' for URI:Module #19201

Open bcoles opened 3 months ago

bcoles commented 3 months ago

13356

13294

URI.unescape is no longer supported as of Ruby 3.0 but is still used within a few modules:

# grep -rn "URI.unescape" modules/
modules/exploits/multi/http/dexter_casinoloader_exec.rb:81:      return Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1]))[1..-3]
modules/exploits/multi/http/dexter_casinoloader_exec.rb:98:      Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false
modules/post/multi/gather/lastpass_creds.rb:333:                account_map[account][browser]['lp_creds'][URI.unescape(creds[0])] = { 'lp_password' => nil }
modules/post/multi/gather/lastpass_creds.rb:335:                sha256_hex_email = OpenSSL::Digest::SHA256.hexdigest(URI.unescape(creds[0]))
modules/post/multi/gather/lastpass_creds.rb:337:                creds[1] = decrypt_data(sha256_binary_email, URI.unescape(creds[1]))
modules/post/multi/gather/lastpass_creds.rb:338:                account_map[account][browser]['lp_creds'][URI.unescape(creds[0])] = { 'lp_password' => creds[1] }
modules/post/multi/gather/lastpass_creds.rb:554:      request.set_form_data('wxsessid' => URI.unescape(session_cookie_value), 'uuid' => browser_map['lp_2fa'])
modules/auxiliary/gather/ie_sandbox_findfiles.rb:132:        f = URI.unescape(request.uri.gsub('/found/?f=', ''))
modules/auxiliary/gather/ie_sandbox_findfiles.rb:137:        f = URI.unescape(request.uri.gsub('/notfound/?f=', ''))
modules/auxiliary/scanner/sap/sap_icm_urlscan.rb:175:          url_dec = URI.unescape(url_enc).sub(/;/, '')
modules/auxiliary/scanner/http/rails_mass_assignment.rb:47:      parsed_data = queryparse(URI.unescape(datastore['DATA']))
modules/auxiliary/scanner/http/rails_mass_assignment.rb:49:      parsed_data = queryparse(URI.unescape(datastore['QUERY']))

To reproduce:

msf6 > use auxiliary/scanner/http/rails_mass_assignment
msf6 auxiliary(scanner/http/rails_mass_assignment) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf6 auxiliary(scanner/http/rails_mass_assignment) > set DATA test
DATA => test
msf6 auxiliary(scanner/http/rails_mass_assignment) > run

[-] Auxiliary failed: NoMethodError undefined method `unescape' for URI:Module
[-] Call stack:
[-]   /root/Desktop/metasploit-framework/modules/auxiliary/scanner/http/rails_mass_assignment.rb:47:in `run_host'
[-]   /root/Desktop/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:128:in `block (2 levels) in run'
[-]   /root/Desktop/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/rails_mass_assignment) >
adfoster-r7 commented 3 months ago

Thanks! For whoever picks this up, we should verify this rubocop rule is wired up correctly to make sure these method calls don't sneak in again