Fixes #2043. Thanks Heyder!

git-svn-id: file:///home/svn/framework3/trunk@9453 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-08 21:14:19 +00:00 · 2010-06-08 21:14:19 +00:00 · 1500858d2d
parent 38674cf62f
commit 1500858d2d
1 changed files with 8 additions and 1 deletions
--- a/modules/auxiliary/scanner/http/http_login.rb
+++ b/modules/auxiliary/scanner/http/http_login.rb
@ -160,17 +160,24 @@ class Metasploit3 < Msf::Auxiliary
 			any_user = false
 			any_pass = false
 			vprint_status("#{target_url} - Trying random username with password:'#{pass}'")
 			any_user  = do_http_login(Rex::Text.rand_text_alpha(8), pass, @scheme)
 			vprint_status("#{target_url} - Trying username:'#{user}' with random password")
 			any_pass  = do_http_login(user, Rex::Text.rand_text_alpha(8), @scheme)
 			if any_user == :success
 				user = "anyuser"
 				print_status("#{target_url} - Any username with password '#{pass}' is allowed")
 			else
 				print_status("#{target_url} - Random usernames are not allowed.")
 			end
 			if any_pass == :success
 				pass = "anypass"
 				print_status("#{target_url} - Any password with username '#{user}' is allowed")
 			else
 				print_status("#{target_url} - Random passwords are not allowed.")
 			end
 			report_auth_info(
@ -184,7 +191,7 @@ class Metasploit3 < Msf::Auxiliary
 				:critical => true
 			)
-			return :abort if (any_user or any_pass)
+			return :abort if ([any_user,any_pass].include? :success)
 			return :next_user
 		else
 			vprint_error("#{target_url} - Failed to login as '#{user}'")