infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix the last of the Set-Cookie msftidy warnings

bug/bundler_fix
William Vu 2014-05-29 04:42:49 -05:00
parent 3f86aebabf
commit 8a2236ecbb
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
3 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/auxiliary/crawler/msfcrawler.rb
View File

@ -258,11 +258,6 @@ class Metasploit3 < Msf::Auxiliary
# In case modules or crawler calls to_s on de-chunked responses
#
resp.transfer_chunked = false
if resp['Set-Cookie']
#puts "Set Cookie: #{resp['Set-Cookie']}"
#puts "Storing in cookie jar for host:port #{reqopts['rhost']}:#{reqopts['rport']}"
#$cookiejar["#{reqopts['rhost']}:#{reqopts['rport']}"] = resp['Set-Cookie']
end
if datastore['StoreDB']
storedb(reqopts,resp,$dbpathmsf)

4
modules/auxiliary/scanner/http/crawler.rb
View File

@ -104,8 +104,8 @@ class Metasploit3 < Msf::Auxiliary
info[:ctype] = page.headers['content-type']
end
if page.headers['set-cookie']
info[:cookie] = page.headers['set-cookie']
if !page.get_cookies.empty?
info[:cookie] = page.get_cookies
end
if page.headers['authorization']

10
modules/exploits/multi/http/dexter_casinoloader_exec.rb
View File

@ -79,8 +79,8 @@ class Metasploit3 < Msf::Exploit::Remote
'page' => Rex::Text.encode_base64("' AND 1=2 UNION ALL SELECT 1," + column + ",3 FROM " + table + " LIMIT 1 OFFSET " + row.to_s + " -- --")
}
})
if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=')
return Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1]))[1..-3]
if res and !res.get_cookies.empty? and res.get_cookies.start_with?('response=')
return Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1]))[1..-3]
end
return false
end
@ -96,8 +96,8 @@ class Metasploit3 < Msf::Exploit::Remote
}
})
if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=') and
Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false
if res and !res.get_cookies.empty? and res.get_cookies.start_with?('response=') and
Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false
return Exploit::CheckCode::Vulnerable
end
return Exploit::CheckCode::Safe
@ -167,4 +167,4 @@ class Metasploit3 < Msf::Exploit::Remote
return
end
end
end
end