diff --git a/modules/exploits/multi/http/mediawiki_djvu.rb b/modules/exploits/multi/http/mediawiki_djvu.rb index c396f2578f..b9727a8e18 100644 --- a/modules/exploits/multi/http/mediawiki_djvu.rb +++ b/modules/exploits/multi/http/mediawiki_djvu.rb @@ -141,7 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote wp_login_token = get_token_value(response_html, 'wpLoginToken') unless wp_login_token - fail_with(Failure::NotFound, "Couldn't find login token. Is URI set correctly?") + fail_with(Failure::UnexpectedReply, "Couldn't find login token. Is URI set correctly?") else print_good("Retrieved login CSRF token.") end @@ -167,7 +167,7 @@ class Metasploit3 < Msf::Exploit::Remote if login and login.code == 302 print_good("Log in successful.") else - fail_with(Failure::NotFound, "Failed to log in.") + fail_with(Failure::NoAccess, "Failed to log in.") end auth_cookie = login.get_cookies.gsub('mediawikiToken=deleted;','') @@ -188,7 +188,7 @@ class Metasploit3 < Msf::Exploit::Remote title = get_token_value(upload_file_html, 'title') unless wp_edit_token - fail_with(Failure::NotFound, "Couldn't find upload token. Is URI set correctly?") + fail_with(Failure::UnexpectedReply, "Couldn't find upload token. Is URI set correctly?") else print_good("Retrieved upload CSRF token.") end @@ -223,7 +223,11 @@ class Metasploit3 < Msf::Exploit::Remote location = upload.headers['Location'] print_good("File uploaded to #{location}") else - fail_with(Failure::Unknown, "Failed to upload file.") + if upload.body.include? 'not a permitted file type' + fail_with(Failure::NotVulnerable, "Wiki is not configured for DjVu files.") + else + fail_with(Failure::UnexpectedReply, "Failed to upload file.") + end end random_page = rand_text_alpha(8) @@ -239,7 +243,7 @@ class Metasploit3 < Msf::Exploit::Remote }) unless random_edit and random_edit.code == 200 - fail_with(Failure::Unknown, "Failed to open target edit page: #{random_page}.") + fail_with(Failure::NotFound, "Failed to open target edit page: #{random_page}.") end random_html = Nokogiri::HTML(random_edit.body) @@ -255,7 +259,7 @@ class Metasploit3 < Msf::Exploit::Remote if wp_edit_token print_good("Retrieved edit CSRF token.") else - fail_with(Failure::Unknown, "Failed to retrieve edit CSRF token.") + fail_with(Failure::UnexpectedReply, "Failed to retrieve edit CSRF token.") end edit_mime = Rex::MIME::Message.new @@ -284,7 +288,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 1) if edit - print_error("Payload probably failed...") + fail_with(Failure::PayloadFailed, "Server responded to edit request (Not expected).") end end