Improve 200 fail_with in wp_phpmailer_host_header

wvu · wvu · commit 1f4ff30adb09 · 2017-05-16T22:38:36.000-05:00
One. last. commit. Noticed this in the response body.
diff --git a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
@@ -137,7 +137,7 @@ def send_request_payload(command)
     )
 
     if res && !res.redirect?
-      if res.code == 200
+      if res.code == 200 && res.body.include?('login_error')
         fail_with(Failure::NoAccess, 'WordPress username may be incorrect')
       elsif res.code == 400 && res.headers['Server'] =~ /^Apache/
         fail_with(Failure::NotVulnerable, 'HttpProtocolOptions may be Strict')

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ def send_request_payload(command)`
`137`	`137`	`)`
`138`	`138`
`139`	`139`	`if res && !res.redirect?`
`140`		`- if res.code == 200`
	`140`	`+ if res.code == 200 && res.body.include?('login_error')`
`141`	`141`	`fail_with(Failure::NoAccess, 'WordPress username may be incorrect')`
`142`	`142`	`elsif res.code == 400 && res.headers['Server'] =~ /^Apache/`
`143`	`143`	`fail_with(Failure::NotVulnerable, 'HttpProtocolOptions may be Strict')`