fixup! Adding Module for Postfixadmin CVE-2017-5930

Add error handling if request fails Fix a typo in doc, add default value to doc
2017-12-30 13:03:36 +01:00 · 2017-12-30 13:03:36 +01:00 · 7f3df74134
parent 289e887895
commit 7f3df74134
1 changed files with 3 additions and 2 deletions
--- a/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb
+++ b/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb
@ -87,6 +87,7 @@ class MetasploitModule < Msf::Auxiliary

    vprint_status('Requesting virtual_list')
    res = send_request_cgi({'uri' => postfixadmin_url_list(target_alias.split("@")[-1]), 'method' => 'GET', 'cookie' => cookie }, 10)
+    fail_with(Failure::UnexpectedReply, 'The request for the domain list failed') if res.nil?
    fail_with(Failure::NoAccess, 'Doesn\'t seem to be admin for the domain the target alias is in') if res.redirect?
    body = res.body
    vprint_status('Get token')
@ -144,9 +145,9 @@ class MetasploitModule < Msf::Auxiliary
  #
  # @param user [String] Username
  # @param pass [String] Password
-  # @param timeout [Integer] Max seconds to wait before timeout
+  # @param timeout [Integer] Max seconds to wait before timeout, defaults to 20
  #
-  # @return [String, nil] The session cocie as single string if login was successful, nil otherwise
+  # @return [String, nil] The session cookie as single string if login was successful, nil otherwise
  def postfixadmin_login(user, pass, timeout = 20)
    res = send_request_cgi({
      'method' => 'POST',