Update check

rapid7 · Jan 6, 2025 · 474f542 · 474f542
1 parent 43294df
commit 474f542
Showing 1 changed file with 6 additions and 7 deletions.
diff --git a/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb b/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb
@@ -62,22 +62,21 @@ def initialize(info = {})
   end
 
   def check
-    # Request for Selenium Grid version 3
-    v3res = send_request_cgi({
-      'method' => 'GET',
-      'uri' => normalize_uri(target_uri.path)
-    })
     # Request for Selenium Grid version 4
     v4res = send_request_cgi({
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, 'status')
     })
-    return Exploit::CheckCode::Detected('Selenium Grid version 4.x detected.') if v3res&.code != 200 &&
-                                                                                  v4res && v4res.get_json_document &&
+    return Exploit::CheckCode::Detected('Selenium Grid version 4.x detected.') if v4res && v4res.get_json_document &&
                                                                                   v4res.get_json_document.include?('value') &&
                                                                                   v4res.get_json_document['value'].include?('message') &&
                                                                                   v4res.get_json_document['value']['message'].downcase.include?('selenium grid')
 
+    # Request for Selenium Grid version 3
+    v3res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path)
+    })
     return Exploit::CheckCode::Unknown('Unexpected server reply.') unless v3res&.code == 200
 
     js_code = v3res.get_html_document.css('script').find { |script| script.text.match(/var json = Object.freeze\('(.*?)'\);/) }