infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove unnecessary ||= and ivars.

bug/bundler_fix
joev 2014-07-10 16:06:28 -05:00
parent e0389dfbc3
commit b8225ae2dc
No known key found for this signature in database
GPG Key ID: 127B05FB3E85A2B0
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb
View File

@ -65,6 +65,7 @@ class Metasploit3 < Msf::Auxiliary
end end
def check def check
test_string = Rex::Text.rand_text_alphanumeric(encoded_swf.length)
io = open(exploit_url(test_string)) io = open(exploit_url(test_string))
if io.read.start_with? test_string if io.read.start_with? test_string
Msf::Exploit::CheckCode::Vulnerable Msf::Exploit::CheckCode::Vulnerable
@ -92,12 +93,6 @@ class Metasploit3 < Msf::Auxiliary
end end
end end
# Generates an alphanumeric test string for checking that the JSONP endpoint
# allows for long enough callback function names.
def test_string
@test_string ||= Rex::Text.rand_text_alphanumeric(encoded_swf.length)
end
def exploit_url(data_payload) def exploit_url(data_payload)
delimiter = if datastore['JSONP_URL'].include?('?') then '&' else '?' end delimiter = if datastore['JSONP_URL'].include?('?') then '&' else '?' end
"#{datastore['JSONP_URL']}#{delimiter}#{datastore['CALLBACK']}=#{data_payload}" "#{datastore['JSONP_URL']}#{delimiter}#{datastore['CALLBACK']}=#{data_payload}"