infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean the find_csrf mehtod

bug/bundler_fix
jvazquez-r7 2014-01-30 16:39:19 -06:00
parent 697a86aad7
commit 4458dc80a5
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
modules/exploits/multi/http/tomcat_mgr_upload.rb
View File

@ -10,6 +10,8 @@ class Metasploit3 < Msf::Exploit::Remote
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] } HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
CSRF_VAR = "CSRF_NONCE="
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE include Msf::Exploit::EXE
@ -303,23 +305,19 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def find_csrf(res = nil) def find_csrf(res = nil)
print_status("Finding CSRF") return "" if res.blank?
body=res.body
body.each_line { |ln| print_status("Finding CSRF token...")
body = res.body
body.each_line do |ln|
ln.chomp! ln.chomp!
csrf_string = "CSRF_NONCE=" csrf_nonce = ln.index(CSRF_VAR)
csrf_nonce = ln.index(csrf_string) next if csrf_nonce.nil?
csrf_test = 0 token = ln[csrf_nonce + CSRF_VAR.length, 32]
if csrf_nonce == nil return token
csrf_test = -1 end
else
csrf_test = csrf_nonce
end
if csrf_test >= 0
token = ln[csrf_nonce+csrf_string.length,32]
return token
end
}
return "" return ""
end end