Refactor send_request_cgi_follow_redirect
parent
83925da2f1
commit
a8ff6eb429
|
@ -268,52 +268,57 @@ module Exploit::Remote::HttpClient
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
# Connects to the server, creates a request, sends the request,
|
||||||
|
# reads the response
|
||||||
#
|
#
|
||||||
# Connects to the server, creates a request, sends the request, reads the response
|
# Passes +opts+ through directly to Rex::Proto::Http::Client#request_cgi.
|
||||||
#
|
|
||||||
# Passes +opts+ through directly to Rex::Proto::Http::Client#request_cgi unless
|
|
||||||
# follow_redirect is true and the server responds with 30x.
|
|
||||||
# If the client is redirected +opts+ will be updated to reflect
|
|
||||||
# the redirect location and +opts['redirect_uri']+ will contain the full URI.
|
|
||||||
#
|
|
||||||
#
|
#
|
||||||
def send_request_cgi(opts={}, timeout = 20)
|
def send_request_cgi(opts={}, timeout = 20)
|
||||||
opts['redirect_depth'] ||= 1
|
|
||||||
t = opts[:timeout] ? opts[:timeout] : timeout
|
|
||||||
begin
|
begin
|
||||||
c = connect(opts)
|
c = connect(opts)
|
||||||
r = c.request_cgi(opts)
|
r = c.request_cgi(opts)
|
||||||
response = c.send_recv(r, t)
|
c.send_recv(r, opts[:timeout] ? opts[:timeout] : timeout)
|
||||||
|
|
||||||
if opts['follow_redirect'] && (opts['redirect_depth'] > 0)
|
|
||||||
opts['redirect_depth'] -= 1
|
|
||||||
|
|
||||||
if response
|
|
||||||
code = response.code
|
|
||||||
|
|
||||||
if code == 301 || code == 302 || code == 303 || code == 307 || code == 308
|
|
||||||
location = URI(response.headers['Location'])
|
|
||||||
opts['redirect_uri'] = location
|
|
||||||
opts['uri'] = location.path
|
|
||||||
opts['rhost'] = location.host
|
|
||||||
opts['vhost'] = location.host
|
|
||||||
opts['rport'] = location.port
|
|
||||||
|
|
||||||
if location.scheme == 'https'
|
|
||||||
opts['ssl'] = true
|
|
||||||
end
|
|
||||||
|
|
||||||
return send_request_cgi(opts, t)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
response
|
|
||||||
rescue ::Errno::EPIPE, ::Timeout::Error
|
rescue ::Errno::EPIPE, ::Timeout::Error
|
||||||
nil
|
nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Connects to the server, creates a request, sends the request, reads the response
|
||||||
|
# if a redirect (HTTP 30x response) is received it will attempt to follow the
|
||||||
|
# direct and retrieve that URI.
|
||||||
|
#
|
||||||
|
# The +opts+ will be updated to the updated location and +opts['redirect_uri']+
|
||||||
|
# will contain the full URI.
|
||||||
|
#
|
||||||
|
def send_request_cgi_follow_redirect(opts={}, timeout = 20, redirect_depth = 1)
|
||||||
|
response = send_request_cgi(opts, timeout)
|
||||||
|
|
||||||
|
if response && redirect_depth > 0
|
||||||
|
redirect_depth -= 1
|
||||||
|
|
||||||
|
code = response.code
|
||||||
|
|
||||||
|
if code == 301 || code == 302 || code == 303 || code == 307 || code == 308
|
||||||
|
location = URI(response.headers['Location'])
|
||||||
|
opts['redirect_uri'] = location
|
||||||
|
opts['uri'] = location.path
|
||||||
|
opts['rhost'] = location.host
|
||||||
|
opts['vhost'] = location.host
|
||||||
|
opts['rport'] = location.port
|
||||||
|
|
||||||
|
if location.scheme == 'https'
|
||||||
|
opts['ssl'] = true
|
||||||
|
end
|
||||||
|
|
||||||
|
return send_request_cgi_follow_redirect(opts, timeout, redirect_depth)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
response
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Combine the user/pass into an auth string for the HTTP Client
|
# Combine the user/pass into an auth string for the HTTP Client
|
||||||
#
|
#
|
||||||
|
|
|
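Review bot: In the new send_request_cgi_follow_redirect, `URI(response.headers['Location'])` runs without checking that the header is present or parseable, so a 30x response with a missing or malformed Location raises out of the method; the rescue in send_request_cgi only covers EPIPE and Timeout. A relative Location parses with a nil host and port, which the following lines then write into `opts['rhost']`, `opts['vhost']` and `opts['rport']`. `opts['ssl']` is only ever set to true, so a redirect from https to http would presumably keep TLS enabled against the plain-HTTP port. The method also follows any host the server names, so callers that must stay on the configured target may want a same-host check before the recursive call. The sketch below guards the header and only retargets the connection for absolute URIs.

```ruby
    if code == 301 || code == 302 || code == 303 || code == 307 || code == 308
      location_header = response.headers['Location']
      return response if location_header.nil? || location_header.empty?

      begin
        location = URI(location_header)
      rescue ::URI::InvalidURIError
        return response
      end

      opts['redirect_uri'] = location
      opts['uri'] = location.path
      # Relative redirects carry no host/port; keep the current connection target.
      if location.host
        opts['rhost'] = location.host
        opts['vhost'] = location.host
        opts['rport'] = location.port
        opts['ssl'] = (location.scheme == 'https')
      end
      # … unchanged: recursive call with the decremented redirect_depth …
```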
@ -59,9 +59,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
def check
|
def check
|
||||||
uri = target_uri.path
|
uri = target_uri.path
|
||||||
|
|
||||||
opts = { 'uri' => uri, 'follow_redirect' => true }
|
opts = { 'uri' => uri }
|
||||||
|
|
||||||
response = send_request_cgi(opts)
|
response = send_request_cgi_follow_redirect(opts)
|
||||||
|
|
||||||
if opts['redirect_uri']
|
if opts['redirect_uri']
|
||||||
vprint_status("Redirected to #{opts['redirect_uri']}.")
|
vprint_status("Redirected to #{opts['redirect_uri']}.")
|
||||||
|
|
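Review bot: `check` reads `opts['redirect_uri']` after the call, so it depends on send_request_cgi_follow_redirect mutating the caller's hash as an out-parameter, and nothing at the call site says so. A short comment would help, for example `# send_request_cgi_follow_redirect updates opts in place (uri/rhost/vhost/rport/ssl, redirect_uri)`. The redirect target is reported only through `vprint_status`, so in non-verbose runs the operator gets no indication that the check result may describe a host other than the configured one; consider `print_status` when the redirect host differs from the original target. The rest of `check`, including any nil handling for `response`, lies outside this hunk.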