Fix rapid7#7158, tiki_calendar_exec incorrectly reports successful login

wchen-r7 · wchen-r7 · commit 1e1866f583e5 · 2016-07-28T17:03:31.000-05:00
Fix rapid7#7158
diff --git a/modules/exploits/linux/http/tiki_calendar_exec.rb b/modules/exploits/linux/http/tiki_calendar_exec.rb
@@ -53,8 +53,8 @@ def initialize(info = {})
       [
         Opt::RPORT(80),
         OptString.new('TARGETURI', [ true, 'The URI of Tiki-Wiki', '/']),
-        OptString.new('USERNAME',  [ false, 'Username of a user with calendar access', 'admin']),
-        OptString.new('PASSWORD',  [ false, 'Password of a user with calendar access', 'admin'])
+        OptString.new('USERNAME',  [ true, 'Username of a user with calendar access', 'admin']),
+        OptString.new('PASSWORD',  [ true, 'Password of a user with calendar access', 'admin'])
       ], self.class
     )
   end
@@ -67,6 +67,11 @@ def authenticate
         'uri'       => normalize_uri(target_uri.path, 'tiki-login_scr.php'),
         'method'    => 'GET'
       )
+
+      if res && res.code == 404
+        fail_with(Failure::Unknown, 'Target does not have tiki-login_scr.php')
+      end
+
       cookie = res ? res.get_cookies : ''
       # if we have creds, login with them
       vprint_status('Attempting Login')
@@ -88,7 +93,7 @@ def authenticate
       # double check auth worked and we got a Log out on the page.
       # at times I got it to auth, but then it would give permission errors
       # so we want to try to double check everything is good
-      if res && !res.body =~ /Log out/
+      if res && res.body !~ /Log out/
         fail_with(Failure::UnexpectedReply, "#{peer} Login Failed with #{datastore['USERNAME']}:#{datastore['PASSWORD']}")
       end
       vprint_good("Login Successful!")
