resolved: changes updated methods

happybear-21 · happybear-21 · commit 03e943726a3a · 2025-07-01T21:33:41.000+05:30
diff --git a/modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb b/modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
@@ -73,9 +73,9 @@ def initialize(info = {})
 
   def check
     print_status('Checking if the target is ISPConfig...')
+    return CheckCode::Unknown('Failed to login') unless authenticate
     # Always try to log in and parse version, since credentials are required
     # cookie_jar.clear (handled in exploit)
-    return CheckCode::Safe unless authenticate
     # Try to access the dashboard or settings page
     settings_res = send_request_cgi({
       'method' => 'GET',
@@ -111,16 +111,14 @@ def authenticate
       },
       'keep_cookies' => true
     })
-    fail_with(Failure::NoAccess, 'Login request failed') unless res
+    return false unless res
     if res&.code == 302
       res = send_request_cgi({
         'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'login/',res&.headers.fetch('Location',nil))
       })
     end
-    if res.body.match(/Username or Password wrong/i)
-      fail_with(Failure::NoAccess, 'Login failed: Invalid credentials')
-    end
+    return false if res.body.match(/Username or Password wrong/i)
     if res.headers.fetch('Location',nil)&.include?('admin') ||
        res.body.downcase.include?('dashboard')
       print_good('Login successful!')
@@ -250,9 +248,7 @@ def inject_payload
 
   def exploit
     cookie_jar.clear
-    unless authenticate
-      fail_with(Failure::NoAccess, 'Login failed')
-    end
+    fail_with(Failure::NoAccess, 'Authentication failed') unless authenticate
     
     # Check if language editor permissions are enabled
     unless check_langedit_permission
