Skip to content

Commit 834e499

Browse files
msutovsky-r7msutovsky-r7
committed
Adding check for presence of logout token
1 parent 09db1f4 commit 834e499

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

lib/metasploit/framework/login_scanner/ivanti_login.rb

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,8 +37,11 @@ def do_admin_logout(cookies)
3737
admin_page_res = send_request({ 'method' => 'GET', 'uri' => normalize_uri('/dana-admin/misc/admin.cgi?'), 'cookie' => cookies })
3838
admin_page_s = admin_page_res.to_s
3939
re = /xsauth=[a-z0-9]{32}/
40-
xsauth = re.match(admin_page_s)[0]
41-
send_request({ 'method' => 'GET', 'uri' => normalize_uri('/dana-na/auth/logout.cgi?' + xsauth), 'cookie' => cookies })
40+
xsauth = re.match(admin_page_s)
41+
42+
return nil if xsauth.nil?
43+
44+
send_request({ 'method' => 'GET', 'uri' => normalize_uri('/dana-na/auth/logout.cgi?' + xsauth[0]), 'cookie' => cookies })
4245
end
4346

4447
def get_token

0 commit comments

Comments
 (0)