From 1ecef265a10f0e452eee30e9a577dd66284b34c7 Mon Sep 17 00:00:00 2001
From: wchen-r7
Date: Thu, 30 Jun 2016 11:21:45 -0500
Subject: [PATCH] Do a fail_with in case nonce is not found at all
---
 .../wp_ninja_forms_unauthenticated_file_upload.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb b/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb
index ea20269ef1..15a045a743 100644
--- a/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb
@@ -106,12 +106,18 @@ class MetasploitModule < Msf::Exploit::Remote
 )
 unless res && res.code == 200
- fail_with Failure::UnexpectedReply, "Unable to access FORM_PATH: #{datastore['FORM_PATH']}"
+ fail_with(Failure::UnexpectedReply, "Unable to access FORM_PATH: #{datastore['FORM_PATH']}")
 end
 form_wpnonce = res.get_hidden_inputs.first['_wpnonce']
- res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1] || form_wpnonce
+ nonce = res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1] || form_wpnonce
+
+ unless nonce
+ fail_with(Failure::Unknown, 'Cannot find wpnonce or ajaxNonce from FORM_PATH')
+ end
+
+ nonce
 end
 def upload_payload(data)
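Review bot: The new `unless nonce` guard can be bypassed by an exception raised one statement earlier, on the unchanged line `form_wpnonce = res.get_hidden_inputs.first['_wpnonce']`. If `get_hidden_inputs` returns an empty list for a page without a form (its return shape is not visible in this hunk, so this is inferred), `.first` is nil and the `['_wpnonce']` lookup raises NoMethodError instead of producing the intended `fail_with` message. Making that lookup nil-safe, for example `form_wpnonce = (res.get_hidden_inputs.first || {})['_wpnonce']`, lets both missing-nonce cases reach the new guard. The new message could also include `datastore['FORM_PATH']`, as the message a few lines above does, so the operator can see which path was checked. The enclosing method starts above the hunk, so the request that produces `res` was not reviewed.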