infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix CSRF regular expressions as per review

unstable
Ramon de C Valle 2013-07-22 13:10:56 -03:00
parent 11ef4263a4
commit 04e9398ddd
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb
View File

@ -83,8 +83,14 @@ class Metasploit4 < Msf::Exploit::Remote
if res.headers['Location'] =~ /users\/login$/
fail_with(Exploit::Failure::UnexpectedReply, 'Failed to retrieve the CSRF token')
else
csrf_param = $1 if res.body =~ /<meta[ ]+content="(.*)"[ ]+name="csrf-param"[ ]+\/?>/
csrf_token = $1 if res.body =~ /<meta[ ]+content="(.*)"[ ]+name="csrf-token"[ ]+\/?>/
csrf_param = $1 if res.body =~ /<meta[ ]+content="(.*)"[ ]+name="csrf-param"[ ]*\/?>/i
csrf_token = $1 if res.body =~ /<meta[ ]+content="(.*)"[ ]+name="csrf-token"[ ]*\/?>/i
if csrf_param.nil? || csrf_token.nil?
csrf_param = $1 if res.body =~ /<meta[ ]+name="csrf-param"[ ]+content="(.*)"[ ]*\/?>/i
csrf_token = $1 if res.body =~ /<meta[ ]+name="csrf-token"[ ]+content="(.*)"[ ]*\/?>/i
end
fail_with(Exploit::Failure::UnexpectedReply, 'Failed to retrieve the CSRF token') if csrf_param.nil? || csrf_token.nil?
end