From 3a28df6b32cd511f583c440e9f9b0a7fab9f3a01 Mon Sep 17 00:00:00 2001
From: Takahiro Yokoyama <tkhr.y0k0yama@gmail.com>
Date: Sat, 4 Jan 2025 08:41:56 +0900
Subject: [PATCH] Apply suggestions from code review

Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
---
 .../http/selenium_greed_chrome_rce_cve_2022_28108.rb     | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb b/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb
index 9ed89fa797d1..28d52e533fb5 100644
--- a/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb
+++ b/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb
@@ -30,7 +30,6 @@ def initialize(info = {})
           ['URL', 'https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/'],
         ],
         'Payload' => {
-          'DisableNops' => true
         },
         'Platform' => %w[linux],
         'Targets' => [
@@ -83,10 +82,14 @@ def check
     end
 
     js_code = res.get_html_document.css('script').find { |script| script.text.match(/var json = Object.freeze\('(.*?)'\);/) }
-    return Exploit::CheckCode::Unknown unless js_code
+    return Exploit::CheckCode::Unknown('Unable to determine the version.') unless js_code
 
     json_str = js_code.text.match(/var json = Object.freeze\('(.*?)'\);/)[1]
-    json_data = JSON.parse(json_str)
+    begin
+      json_data = JSON.parse(json_str)
+    rescue JSON::ParserError
+      return Exploit::CheckCode::Unknown('Unable to determine the version.')
+    end
     return Exploit::CheckCode::Unknown unless json_data && json_data.include?('version') && json_data['version']
 
     # Extract the version