Fixup formatting. Patch provided by sethjackson. Closes #896.

2025-12-29 19:09:01 +00:00 · 2017-06-25 19:50:27 +00:00
parent 7a362d3f50
commit 226863eef2
1 changed files with 27 additions and 27 deletions
--- a/scripts/http-vuln-cve2017-5638.nse
+++ b/scripts/http-vuln-cve2017-5638.nse
@@ -38,40 +38,40 @@ categories = { "vuln" }
 portrule = shortport.http

 action = function(host, port)
-    local vuln = {
-        title = "Apache Struts Remote Code Execution Vulnerability",
-        state = vulns.STATE.NOT_VULN,
-        description = [[
+  local vuln = {
+    title = "Apache Struts Remote Code Execution Vulnerability",
+    state = vulns.STATE.NOT_VULN,
+    description = [[
 Apache Struts 2.3.5 - Struts 2.3.31 and Apache Struts 2.5 - Struts 2.5.10 are vulnerable to a Remote Code Execution
 vulnerability via the Content-Type header.
-        ]],
-        IDS = {
-            CVE = "CVE-2017-5638"
-        },
-        references = {
-            'https://cwiki.apache.org/confluence/display/WW/S2-045',
-            'http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html'
-        },
-        dates = {
-            disclosure = { year = '2017', month = '03', day = '07' }
-        }
+    ]],
+    IDS = {
+        CVE = "CVE-2017-5638"
+    },
+    references = {
+        'https://cwiki.apache.org/confluence/display/WW/S2-045',
+        'http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html'
+    },
+    dates = {
+        disclosure = { year = '2017', month = '03', day = '07' }
    }
+  }

-    local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
+  local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)

-    local method = stdnse.get_script_args(SCRIPT_NAME..".method") or "GET"
-    local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/"
-    local value = stdnse.generate_random_string(8)
+  local method = stdnse.get_script_args(SCRIPT_NAME..".method") or "GET"
+  local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/"
+  local value = stdnse.generate_random_string(8)

-    local header = {
-        ["Content-Type"] = string.format("%%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Check-Struts', '%s')}.multipart/form-data", value)
-    }
+  local header = {
+    ["Content-Type"] = string.format("%%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Check-Struts', '%s')}.multipart/form-data", value)
+  }

-    local response = http.generic_request(host, port, method, path, { header = header })
+  local response = http.generic_request(host, port, method, path, { header = header })

-    if response and response.status == 200 and response.header["x-check-struts"] == value then
-        vuln.state = vulns.STATE.VULN
-    end
+  if response and response.status == 200 and response.header["x-check-struts"] == value then
+    vuln.state = vulns.STATE.VULN
+  end

-    return vuln_report:make_output(vuln)
+  return vuln_report:make_output(vuln)
 end