Fix: Ensure api_list returns a list even when created during execution

heyder · heyder · commit d5f0c6108c7f · 2024-12-05T14:34:20.000+01:00
diff --git a/modules/exploits/multi/http/wso2_api_manager_file_upload_rce.rb b/modules/exploits/multi/http/wso2_api_manager_file_upload_rce.rb
@@ -146,17 +146,18 @@ def check
   end
 
   def authenticate
-    nounce = nil
+    vprint_status('Authenticating...')
     res = send_request_cgi(
       'uri' => normalize_uri(target_uri.path, '/publisher/services/auth/login'),
       'method' => 'GET',
       'keep_cookies' => true
     )
 
-    loop_dectector = 0
-
     fail_with(Failure::UnexpectedReply, 'Failed to authenticate') unless res
 
+    nounce = nil
+    loop_dectector = 0
+
     while res.redirect?
       loop_dectector += 1
       res = send_request_cgi(
@@ -237,7 +238,7 @@ def list_product_api
     if api_list.empty?
       print_error('No Products API available')
       print_status('Trying to create an API...')
-      api_list = create_product_api
+      api_list = [create_product_api]
     end
 
     return api_list
@@ -326,6 +327,7 @@ def create_product_api
     fail_with(Failure::UnexpectedReply, 'Failed to create API Product') unless res&.code == 201
 
     print_good('API Product created successfully')
+
     return res.get_json_document
   end
 
