Land #3979, @wchen-r7 fixes #3976, http_login not using TARGETURI, neither uri normalization

2014-10-20 18:10:57 -05:00 · 2014-10-20 18:10:57 -05:00 · d6f4c02c2a
parent f886ab6f97 d366cdcd6e
commit d6f4c02c2a
1 changed files with 23 additions and 2 deletions
--- a/modules/auxiliary/scanner/http/http_login.rb
+++ b/modules/auxiliary/scanner/http/http_login.rb
@ -54,8 +54,17 @@ class Metasploit3 < Msf::Auxiliary
    register_autofilter_ports([ 80, 443, 8080, 8081, 8000, 8008, 8443, 8444, 8880, 8888 ])
  end

-  def find_auth_uri
+  def to_uri(uri)
+    begin
+      # In case TARGETURI is empty, at least we default to '/'
+      uri = "/" if uri.blank?
+      URI(uri)
+    rescue ::URI::InvalidURIError
+      raise RuntimeError, "Invalid URI: #{uri}"
+    end
+  end

+  def find_auth_uri
    if datastore['AUTH_URI'].present?
      paths = [datastore['AUTH_URI']]
    else
@ -69,8 +78,20 @@ class Metasploit3 < Msf::Auxiliary
    end

    paths.each do |path|
+      uri = ''
+
+      begin
+        uri = to_uri(path)
+      rescue RuntimeError => e
+        # Bad URI so we will not try to request it
+        print_error(e.message)
+        next
+      end
+
+      uri = normalize_uri(uri.path)
+
      res = send_request_cgi({
-        'uri'     => path,
+        'uri'     => uri,
        'method'  => datastore['REQUESTTYPE'],
        'username' => '',
        'password' => ''