Clean the find_csrf mehtod

bug/bundler_fix
jvazquez-r7 2014-01-30 16:39:19 -06:00
parent 697a86aad7
commit 4458dc80a5
1 changed files with 14 additions and 16 deletions

View File

@ -10,6 +10,8 @@ class Metasploit3 < Msf::Exploit::Remote
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
CSRF_VAR = "CSRF_NONCE="
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE
@ -303,23 +305,19 @@ class Metasploit3 < Msf::Exploit::Remote
end
def find_csrf(res = nil)
print_status("Finding CSRF")
body=res.body
body.each_line { |ln|
return "" if res.blank?
print_status("Finding CSRF token...")
body = res.body
body.each_line do |ln|
ln.chomp!
csrf_string = "CSRF_NONCE="
csrf_nonce = ln.index(csrf_string)
csrf_test = 0
if csrf_nonce == nil
csrf_test = -1
else
csrf_test = csrf_nonce
end
if csrf_test >= 0
token = ln[csrf_nonce+csrf_string.length,32]
csrf_nonce = ln.index(CSRF_VAR)
next if csrf_nonce.nil?
token = ln[csrf_nonce + CSRF_VAR.length, 32]
return token
end
}
return ""
end