🎉 CVE-2024-23897 fix errors and display successful targets

wjlin0 · Jan 28, 2024 · 4f8101e · 4f8101e
1 parent 21f7548
commit 4f8101e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/pkg/runner/output.go b/pkg/runner/output.go
@@ -20,7 +20,16 @@ func SetOutput(options *types.Options) {
 		gologger.DefaultLogger.SetFormatter(formatter.NewCLI(options.NoColor))
 	}
 }
+
+func (r *Runner) AddSuccess() {
+	r.Lock()
+	defer r.Unlock()
+	r.success++
+}
+
 func (r *Runner) Output(event *output.ResultEvent) {
+	r.Lock()
+	defer r.Unlock()
 	opts := r.options
 	if event.URL == "" {
 		return

diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
@@ -26,6 +26,7 @@ type Runner struct {
 	options *types.Options
 	targets []*input.Target
 	wg      sizedwaitgroup.SizedWaitGroup
+	success int
 	sync.Mutex
 }
 
@@ -90,7 +91,6 @@ func (r *Runner) RunEnumeration() error {
 	start := time.Now()
 	r.displayExecutionInfo()
 
-	success := 0
 	switch {
 	case r.options.IsListAvailableCommands():
 		for _, target := range r.targets {
@@ -101,7 +101,7 @@ func (r *Runner) RunEnumeration() error {
 				if result == nil || len(commands) == 0 {
 					return
 				}
-				success++
+				r.AddSuccess()
 				result.Response = fmt.Sprintf("%s\n", strings.Join(commands, ","))
 				r.Output(result)
 			}(target)
@@ -119,7 +119,7 @@ func (r *Runner) RunEnumeration() error {
 						}
 						result.Response = color.HiYellowString(result.Response)
 
-						success++
+						r.AddSuccess()
 
 						r.Output(result)
 					}
@@ -136,7 +136,8 @@ func (r *Runner) RunEnumeration() error {
 					if result == nil || result.Response == "" {
 						continue
 					}
-					success++
+					r.AddSuccess()
+
 					r.Output(result)
 
 				}
@@ -151,7 +152,7 @@ func (r *Runner) RunEnumeration() error {
 				if !vul {
 					return
 				}
-				success++
+				r.AddSuccess()
 				if full {
 					result.Response = color.HiGreenString("The target is Vulnerable && This cab read full file contents\n") + "please use command to read full body. \n" + color.HiYellowString(fmt.Sprintf("$ CVE-2024-23897 -u %s -c %s -a /etc/passwd", target.ToString(), result.Response))
 
@@ -169,7 +170,7 @@ func (r *Runner) RunEnumeration() error {
 	elapsed := time.Since(start)
 
 	elapsedSec := float64(elapsed) / float64(time.Second)
-	gologger.Info().Msgf("took %.2f seconds with %d successful targets", elapsedSec, success)
+	gologger.Info().Msgf("took %.2f seconds with %d successful targets", elapsedSec, r.success)
 	return nil
 }