Improve 200 fail_with in wp_phpmailer_host_header

One. last. commit. Noticed this in the response body.
bug/bundler_fix
William Vu 2017-05-16 22:38:36 -05:00
parent 21e741b530
commit 1f4ff30adb
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
1 changed files with 1 additions and 1 deletions

View File

@ -137,7 +137,7 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res && !res.redirect?
if res.code == 200
if res.code == 200 && res.body.include?('login_error')
fail_with(Failure::NoAccess, 'WordPress username may be incorrect')
elsif res.code == 400 && res.headers['Server'] =~ /^Apache/
fail_with(Failure::NotVulnerable, 'HttpProtocolOptions may be Strict')