Implented feedback from @jhart-r7

bug/bundler_fix
Christian Mehlmauer 2014-07-22 19:49:58 +02:00
parent baff003ecc
commit a6479a77d6
No known key found for this signature in database
GPG Key ID: BCFF4FA966BC32C7
9 changed files with 18 additions and 28 deletions


@ -1,4 +1,3 @@
# encoding: UTF-8
# -*- coding: binary -*-
# This module provides a way of interacting with wordpress installations


@ -1,4 +1,3 @@
# encoding: UTF-8
# -*- coding: binary -*-
module Msf::HTTP::Wordpress::Base
@ -10,16 +9,15 @@ module Msf::HTTP::Wordpress::Base
'method' => 'GET',
'uri' => normalize_uri(target_uri.path)
)
return res if res &&
res.code == 200 &&
(
res.body =~ /["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i ||
res.body =~ /<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i ||
res.body =~ /<link rel=["']pingback["'].*href=["'].*\/xmlrpc\.php["'](?: \/)*>/i
)
wordpress_detect_regexes = [
/["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i,
/<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i,
/<link rel=["']pingback["'].*href=["'].*\/xmlrpc\.php["'](?: \/)*>/i
]
return res if res && res.code == 200 && res.body && wordpress_detect_regexes.any? { |r| res.body =~ r }
return nil
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
print_error("#{peer} - Error connecting to #{target_uri}")
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e
print_error("#{peer} - Error connecting to #{target_uri}: #{e}")
return nil
end
end
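Review bot: The two `<link …>` patterns in `wordpress_detect_regexes` keep the greedy `.*` between `rel=` and `href=`, so on a page served as one long line they can match across unrelated tags and report WordPress where there is none. They also backtrack heavily on a long line, and the body comes from the remote server. Bounding the wildcards to a single element keeps the match honest, e.g. `/<link rel=["']pingback["'][^>]*href=["'][^"'>]*\/xmlrpc\.php["'](?: \/)*>/i`, and likewise for the wlwmanifest pattern. The method's `def` line is outside the hunk, so I cannot see whether the body is size-limited before it is matched.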


@ -49,7 +49,7 @@ module Msf::HTTP::Wordpress::Helpers
options.merge!({'vars_post' => vars_post})
options.merge!({'cookie' => login_cookie}) if login_cookie
res = send_request_cgi(options)
if res and (res.code == 301 or res.code == 302) and res.headers['Location']
if res and res.redirect? and res.redirection
return wordpress_helper_parse_location_header(res)
else
message = "#{peer} - Post comment failed."
@ -101,7 +101,7 @@ module Msf::HTTP::Wordpress::Helpers
else
return res.body
end
elsif res and (res.code == 301 or res.code == 302) and res.headers['Location']
elsif res && res.redirect? && res.redirection
path = wordpress_helper_parse_location_header(res)
return wordpress_helper_check_post_id(path, comments_enabled, login_cookie)
end
@ -113,9 +113,9 @@ module Msf::HTTP::Wordpress::Helpers
# @param res [Rex::Proto::Http::Response] The HTTP response
# @return [String,nil] the path and query, nil on error
def wordpress_helper_parse_location_header(res)
return nil unless res and (res.code == 301 or res.code == 302) and res.headers['Location']
return nil unless res && res.redirect? && res.redirection
location = res.headers['Location']
location = res.redirection
path_from_uri(location)
end
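Review bot: The rewritten post-comment check `if res and res.redirect? and res.redirection` still uses `and`, while the `elsif` and the guard in `wordpress_helper_parse_location_header` in this same file were switched to `&&`; the Users change (`if res and res.redirect?`) has the same leftover. `and` binds more loosely than `&&`, so mixing the two invites precedence surprises; I would write `if res && res.redirect? && res.redirection` here and `if res && res.redirect?` in Users. Separately, these checks used to accept only 301/302 and now accept whatever `redirect?` covers, which deserves a line in the doc comment of `wordpress_helper_parse_location_header`, e.g. `# Accepts any status for which res.redirect? is true`. Both call sites sit in methods that start outside the hunk.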


@ -1,4 +1,3 @@
# encoding: UTF-8
# -*- coding: binary -*-
module Msf::HTTP::Wordpress::Login
@ -15,7 +14,7 @@ module Msf::HTTP::Wordpress::Login
'vars_post' => wordpress_helper_login_post_data(user, pass, redirect)
)
if res && (res.code == 301 || res.code == 302) && res.headers['Location'] == redirect
if res && res.redirect? && res.redirection == redirect
cookies = res.get_cookies
# Check if a valid wordpress cookie is returned
return cookies if
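Review bot: `res.redirection == redirect` compares the helper's return value with the String passed in as `redirect`. If `redirection` returns a parsed URI object rather than the raw header value (as I recall the Rex response class doing; please confirm), the comparison is never true and every login is reported as failed. Comparing strings keeps the old semantics: `if res && res.redirect? && res.redirection.to_s == redirect`. A spec with a stubbed 302 response would pin this down. The `return cookies if` statement continues past the end of the hunk.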


@ -112,7 +112,7 @@ module Msf::HTTP::Wordpress::Posts
count = max_redirects
# Follow redirects
while (res.code == 301 || res.code == 302) and res.headers['Location'] and count != 0
while res.redirect? && res.redirection && count != 0
path = wordpress_helper_parse_location_header(res)
return nil unless path
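Review bot: The new loop condition calls `res.redirect?` without checking `res` and stops only when `count` is exactly 0. If the loop body reassigns `res` from a follow-up request (not visible in this hunk), a request that returns nil makes the next test raise NoMethodError. A negative `max_redirects` also never reaches 0, so a server that keeps answering with redirects would be followed without bound. `while res && res.redirect? && res.redirection && count > 0` closes both.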


@ -33,7 +33,7 @@ module Msf::HTTP::Wordpress::Users
'uri' => url
})
if res and res.code == 301
if res and res.redirect?
uri = wordpress_helper_parse_location_header(res)
return nil unless uri
# try to extract username from location


@ -1,4 +1,3 @@
# encoding: UTF-8
# -*- coding: binary -*-
module Msf::HTTP::Wordpress::Version
@ -88,7 +87,7 @@ module Msf::HTTP::Wordpress::Version
when :theme
folder = 'themes'
else
fail("Unknown type #{type}")
fail("Unknown readme type #{type}")
end
readme_url = normalize_uri(target_uri.path, wp_content_dir, folder, name, 'readme.txt')
@ -121,7 +120,6 @@ module Msf::HTTP::Wordpress::Version
# Not in range, nut vulnerable
return Msf::Exploit::CheckCode::Safe
end
return
# version newer than fixed version
else
return Msf::Exploit::CheckCode::Safe


@ -1,5 +1,3 @@
# encoding: UTF-8
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
@ -72,8 +70,8 @@ class Metasploit3 < Msf::Exploit::Remote
)
# forward to profile.php or other page?
if res && res.code.to_s =~ /30[0-9]/ && res.headers['Location']
location = res.headers['Location']
if res && res.redirect? && res.redirection
location = res.redirection
print_status("#{peer} - Following redirect to #{location}")
res = send_request_cgi(
'uri' => location,
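Review bot: `location = res.redirection` comes from the server's Location header and is passed unchanged as `'uri'` in the follow-up request. An absolute URL, or one naming a different host, therefore ends up in the request line of a request that still goes to the configured target. Reducing it to path and query first would be more robust, as the Wordpress helpers in this commit do with `path_from_uri(location)`, and the follow-up should be skipped when that yields nil; whether this module has that helper in scope is not visible here. If `redirection` returns a URI object rather than a String, `'uri'` and the `print_status` interpolation now receive that object, which is worth checking against what `send_request_cgi` expects. The `send_request_cgi(` call continues past the hunk.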


@ -1,5 +1,3 @@
# encoding: UTF-8
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework