Fix re-initialize bug.

2014-03-05 23:27:04 -06:00 · 2014-03-05 23:27:04 -06:00 · a792f85a5f
parent 5790547d34
commit a792f85a5f
1 changed files with 5 additions and 6 deletions
--- a/lib/msf/core/exploit/remote/browser_exploit_server.rb
+++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@ -253,7 +253,7 @@ module Msf
    #
    def init_profile(tag)
      sync do
-        @target_profiles[tag] = {}
+        @target_profiles[tag] ||= {}
      end
    end

@ -293,13 +293,12 @@ module Msf
      tag = retrieve_tag(cli, request)
      target_info = get_profile(tag)
      init_profile(tag)
+      update_profile(target_info, :source, source.to_s)

      # Gathering target info from the detection stage
      case source
      when :script
        # Gathers target data from a POST request
-        vprint_status("Setting source to :script.")
-        update_profile(target_info, :source, 'script')
        parsed_body = CGI::parse(Rex::Text.decode_base64(request.body) || '')
        vprint_status("Received sniffed browser data over POST: \n#{parsed_body}.")
        parsed_body.each { |k, v| update_profile(target_info, k.to_sym, v.first) }
@ -310,7 +309,6 @@ module Msf
        # Module has all the info it needs, ua_string is kind of pointless.
        # Kill this to save space.
        fp.delete(:ua_string)
-        update_profile(target_info, :source, 'headers')
        fp.each do |k, v|
          update_profile(target_info, k.to_sym, v)
        end
@ -391,7 +389,7 @@ module Msf

        var query = objToQuery(d);
        postInfo("<%=get_resource.chomp("/")%>/<%=@info_receiver_page%>/", query, function(){
-          
+          window.location="<%= get_module_resource %>";
        });
      }
      |).result(binding())
@ -466,6 +464,7 @@ module Msf
        # on_request_exploit() to get the target information
        #
        tag = retrieve_tag(cli, request)
+        vprint_status("Serving exploit to user with tag #{tag}")
        profile = get_profile(tag)
        if profile.nil?
          print_status("Browsing directly to the exploit URL is forbidden.")
@ -475,7 +474,7 @@ module Msf
          send_not_found(cli)
        else
          update_profile(profile, :tried, true)
-          print_status("Setting target \"#{tag}\" to :tried.")
+          vprint_status("Setting target \"#{tag}\" to :tried.")
          try_set_target(profile)
          bad_reqs = get_bad_requirements(profile)
          if bad_reqs.empty?