From e78d3d6bf008de6e091277c99ce9720cc7287c0a Mon Sep 17 00:00:00 2001
From: William Vu
Date: Tue, 11 Oct 2016 13:56:35 -0500
Subject: [PATCH] Fix erroneous cred reporting in SonicWALL exploit

A session ID will be returned in the parsed JSON if the login succeeded.
Bad user: {"noldapnouser"=>1, "loginfailed"=>1}
Bad password: {"loginfailed"=>1}
Good user/password: {"userid"=>"1", "sessionid"=>"4WJ9cNg1TkBrwjzX"}
---
 .../multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb b/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb
index 123d2b2b02..2a3abeb8af 100644
--- a/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb
+++ b/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb
@@ -180,10 +180,10 @@ class MetasploitModule < Msf::Exploit::Remote
 fail_with(Failure::NoAccess, "Username '#{datastore['USERNAME']}' is incorrect.")
 elsif res['loginfailed']
 fail_with(Failure::NoAccess, "Password '#{datastore['PASSWORD']}' is incorrect.")
+ elsif res['sessionid']
+ report_cred(datastore['USERNAME'], datastore['PASSWORD'])
 end
- report_cred(datastore['USERNAME'], datastore['PASSWORD'])
-
 res
 end
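Review bot: The new `elsif res['sessionid']` branch leaves a fourth case unhandled: a parsed reply carrying none of `noldapnouser`, `loginfailed` or `sessionid` falls through silently and the method still returns `res`, so the caller cannot tell a verified login from an unexpected reply. Closing the chain with `else` followed by `fail_with(Failure::UnexpectedReply, 'Login response contained no session ID.')` would make that outcome explicit and keep the stored credential record limited to logins that were actually confirmed. An empty-string `sessionid` is truthy in Ruby, so if the server can return one, testing `!res['sessionid'].to_s.empty?` is the stricter condition. The method begins above the hunk, so how `res` is parsed and whether it can be nil at this point is not visible here.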