Refactor send_request_cgi_follow_redirect

2014-02-03 21:49:49 +00:00 · 2014-02-03 21:49:49 +00:00 · a8ff6eb429
parent 83925da2f1
commit a8ff6eb429
2 changed files with 42 additions and 37 deletions
--- a/lib/msf/core/exploit/http/client.rb
+++ b/lib/msf/core/exploit/http/client.rb
@ -268,52 +268,57 @@ module Exploit::Remote::HttpClient
    end
  end

+
+  # Connects to the server, creates a request, sends the request,
+  # reads the response
  #
-  # Connects to the server, creates a request, sends the request, reads the response
-  #
-  # Passes +opts+ through directly to Rex::Proto::Http::Client#request_cgi unless
-  # follow_redirect is true and the server responds with 30x.
-  # If the client is redirected +opts+ will be updated to reflect
-  # the redirect location and +opts['redirect_uri']+ will contain the full URI.
-  #
+  # Passes +opts+ through directly to Rex::Proto::Http::Client#request_cgi.
  #
  def send_request_cgi(opts={}, timeout = 20)
-    opts['redirect_depth'] ||= 1
-    t = opts[:timeout] ? opts[:timeout] : timeout
    begin
      c = connect(opts)
      r = c.request_cgi(opts)
-      response = c.send_recv(r, t)
-
-      if opts['follow_redirect'] && (opts['redirect_depth'] > 0)
-        opts['redirect_depth'] -= 1
-
-        if response
-          code = response.code
-
-          if code == 301 || code == 302 || code == 303 || code == 307 || code == 308
-            location = URI(response.headers['Location'])
-            opts['redirect_uri'] = location
-            opts['uri'] = location.path
-            opts['rhost'] = location.host
-            opts['vhost'] = location.host
-            opts['rport'] = location.port
-
-            if location.scheme == 'https'
-              opts['ssl'] = true
-            end
-
-            return send_request_cgi(opts, t)
-          end
-        end
-      end
-
-      response
+      c.send_recv(r, opts[:timeout] ? opts[:timeout] : timeout)
    rescue ::Errno::EPIPE, ::Timeout::Error
      nil
    end
  end

+  #
+  # Connects to the server, creates a request, sends the request, reads the response
+  # if a redirect (HTTP 30x response) is received it will attempt to follow the
+  # direct and retrieve that URI.
+  #
+  # The +opts+ will be updated to the updated location and +opts['redirect_uri']+
+  # will contain the full URI.
+  #
+  def send_request_cgi_follow_redirect(opts={}, timeout = 20, redirect_depth = 1)
+    response = send_request_cgi(opts, timeout)
+
+    if response && redirect_depth > 0
+      redirect_depth -= 1
+
+      code = response.code
+
+      if code == 301 || code == 302 || code == 303 || code == 307 || code == 308
+        location = URI(response.headers['Location'])
+        opts['redirect_uri'] = location
+        opts['uri'] = location.path
+        opts['rhost'] = location.host
+        opts['vhost'] = location.host
+        opts['rport'] = location.port
+
+        if location.scheme == 'https'
+          opts['ssl'] = true
+        end
+
+        return send_request_cgi_follow_redirect(opts, timeout, redirect_depth)
+      end
+    end
+
+    response
+  end
+
  #
  # Combine the user/pass into an auth string for the HTTP Client
  #
--- a/modules/exploits/multi/http/mediawiki_djvu.rb
+++ b/modules/exploits/multi/http/mediawiki_djvu.rb
@ -59,9 +59,9 @@ class Metasploit3 < Msf::Exploit::Remote
  def check
    uri = target_uri.path

-    opts = { 'uri' => uri, 'follow_redirect' => true }
+    opts = { 'uri' => uri }

-    response = send_request_cgi(opts)
+    response = send_request_cgi_follow_redirect(opts)

    if opts['redirect_uri']
      vprint_status("Redirected to #{opts['redirect_uri']}.")