From 8a2236ecbbc5275671f1253d04551fe017bd7dbb Mon Sep 17 00:00:00 2001 From: William Vu Date: Thu, 29 May 2014 04:42:49 -0500 Subject: [PATCH] Fix the last of the Set-Cookie msftidy warnings --- modules/auxiliary/crawler/msfcrawler.rb | 5 ----- modules/auxiliary/scanner/http/crawler.rb | 4 ++-- .../exploits/multi/http/dexter_casinoloader_exec.rb | 10 +++++----- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/modules/auxiliary/crawler/msfcrawler.rb b/modules/auxiliary/crawler/msfcrawler.rb index fbd7ec2175..27c3e2e3e4 100644 --- a/modules/auxiliary/crawler/msfcrawler.rb +++ b/modules/auxiliary/crawler/msfcrawler.rb @@ -258,11 +258,6 @@ class Metasploit3 < Msf::Auxiliary # In case modules or crawler calls to_s on de-chunked responses # resp.transfer_chunked = false - if resp['Set-Cookie'] - #puts "Set Cookie: #{resp['Set-Cookie']}" - #puts "Storing in cookie jar for host:port #{reqopts['rhost']}:#{reqopts['rport']}" - #$cookiejar["#{reqopts['rhost']}:#{reqopts['rport']}"] = resp['Set-Cookie'] - end if datastore['StoreDB'] storedb(reqopts,resp,$dbpathmsf) diff --git a/modules/auxiliary/scanner/http/crawler.rb b/modules/auxiliary/scanner/http/crawler.rb index 344cf57458..0915ee3da3 100644 --- a/modules/auxiliary/scanner/http/crawler.rb +++ b/modules/auxiliary/scanner/http/crawler.rb @@ -104,8 +104,8 @@ class Metasploit3 < Msf::Auxiliary info[:ctype] = page.headers['content-type'] end - if page.headers['set-cookie'] - info[:cookie] = page.headers['set-cookie'] + if !page.get_cookies.empty? + info[:cookie] = page.get_cookies end if page.headers['authorization'] diff --git a/modules/exploits/multi/http/dexter_casinoloader_exec.rb b/modules/exploits/multi/http/dexter_casinoloader_exec.rb index 9e4e795987..f7844589e7 100644 --- a/modules/exploits/multi/http/dexter_casinoloader_exec.rb +++ b/modules/exploits/multi/http/dexter_casinoloader_exec.rb @@ -79,8 +79,8 @@ class Metasploit3 < Msf::Exploit::Remote 'page' => Rex::Text.encode_base64("' AND 1=2 UNION ALL SELECT 1," + column + ",3 FROM " + table + " LIMIT 1 OFFSET " + row.to_s + " -- --") } }) - if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=') - return Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1]))[1..-3] + if res and !res.get_cookies.empty? and res.get_cookies.start_with?('response=') + return Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1]))[1..-3] end return false end @@ -96,8 +96,8 @@ class Metasploit3 < Msf::Exploit::Remote } }) - if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=') and - Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false + if res and !res.get_cookies.empty? and res.get_cookies.start_with?('response=') and + Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false return Exploit::CheckCode::Vulnerable end return Exploit::CheckCode::Safe @@ -167,4 +167,4 @@ class Metasploit3 < Msf::Exploit::Remote return end end -end \ No newline at end of file +end