infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean the find_csrf mehtod

bug/bundler_fix
jvazquez-r7 2014-01-30 16:39:19 -06:00
parent 697a86aad7
commit 4458dc80a5
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
modules/exploits/multi/http/tomcat_mgr_upload.rb
View File

@ -10,6 +10,8 @@ class Metasploit3 < Msf::Exploit::Remote
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] } HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
CSRF_VAR = "CSRF_NONCE="
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE include Msf::Exploit::EXE
@ -303,23 +305,19 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def find_csrf(res = nil) def find_csrf(res = nil)
print_status("Finding CSRF") return "" if res.blank?
print_status("Finding CSRF token...")
body = res.body body = res.body
body.each_line { |ln|
body.each_line do |ln|
ln.chomp! ln.chomp!
csrf_string = "CSRF_NONCE=" csrf_nonce = ln.index(CSRF_VAR)
csrf_nonce = ln.index(csrf_string) next if csrf_nonce.nil?
csrf_test = 0 token = ln[csrf_nonce + CSRF_VAR.length, 32]
if csrf_nonce == nil
csrf_test = -1
else
csrf_test = csrf_nonce
end
if csrf_test >= 0
token = ln[csrf_nonce+csrf_string.length,32]
return token return token
end end
}
return "" return ""
end end