Skip to content

Commit 0273f14

Browse files
jheysel-r7jheysel-r7
committed
Added incorrect creds check
1 parent 8130316 commit 0273f14

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

modules/exploits/linux/http/pivotx_index_php_overwrite.rb

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,8 @@ def login
9090
'keep_cookies' => true
9191
})
9292

93-
fail_with(Failure::NoAccess, 'Login failed, probably incorrect credentials') unless (res&.code == 200 || res&.code == 302) && res.get_cookies =~ /pivotxsession=([a-zA-Z0-9]+);/
93+
fail_with(Failure::NoAccess, 'Login failed, incorrect username/password') if res&.get_html_document&.at("//script[contains(., 'Incorrect username/password')]")
94+
fail_with(Failure::Unknown, 'Login failed, unable to pivotxsession cookie') unless (res&.code == 200 || res&.code == 302) && res.get_cookies =~ /pivotxsession=([a-zA-Z0-9]+);/
9495

9596
@csrf_token = Regexp.last_match(1)
9697
end

0 commit comments

Comments
 (0)