infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Abort if 2013 desired but redirect didn't happen

bug/bundler_fix
Jon Hart 2014-10-28 15:59:22 -07:00
parent 7ca4ba26b0
commit a5d883563d
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/auxiliary/scanner/http/owa_login.rb
View File

@ -204,7 +204,11 @@ class Metasploit3 < Msf::Auxiliary
end
#No password change required moving on.
reason = res.headers['location'].split('reason=')[1]
unless location = res.headers['location']
print_error("#{msg} No HTTP redirect. This is not OWA 2013, aborting.")
return :abort
end
reason = location.split('reason=')[1]
if reason == nil
headers['Cookie'] = 'PBack=0;' << res.get_cookies
else
@ -220,7 +224,7 @@ class Metasploit3 < Msf::Auxiliary
if cookies =~ /#{necessary_cookie}=([^;]+)/
cookie_header << "; #{Regexp.last_match(1)}"
else
print_error("#{msg} Missing #{necessary_cookie} cookie. This is not OWA 2010")
print_error("#{msg} Missing #{necessary_cookie} cookie. This is not OWA 2010, aborting")
return :abort
end
end