Do a fail_with in case nonce is not found at all

wchen-r7 · wchen-r7 · commit 1ecef265a10f · 2016-06-30T11:21:45.000-05:00
diff --git a/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb b/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb
@@ -106,12 +106,18 @@ def fetch_ninja_form_nonce
     )
 
     unless res && res.code == 200
-      fail_with Failure::UnexpectedReply, "Unable to access FORM_PATH: #{datastore['FORM_PATH']}"
+      fail_with(Failure::UnexpectedReply, "Unable to access FORM_PATH: #{datastore['FORM_PATH']}")
     end
 
     form_wpnonce = res.get_hidden_inputs.first['_wpnonce']
 
-    res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1] || form_wpnonce
+    nonce = res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1] || form_wpnonce
+
+    unless nonce
+      fail_with(Failure::Unknown, 'Cannot find wpnonce or ajaxNonce from FORM_PATH')
+    end
+
+    nonce
   end
 
   def upload_payload(data)
