Land rapid7#7432, Fix erroneous cred reporting in SonicWALL exploit

Brent Cook · Brent Cook · commit 2014b2d2ab6a · 2016-10-12T22:39:15.000-05:00
diff --git a/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb b/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb
@@ -180,10 +180,10 @@ def do_login
       fail_with(Failure::NoAccess, "Username '#{datastore['USERNAME']}' is incorrect.")
     elsif res['loginfailed']
       fail_with(Failure::NoAccess, "Password '#{datastore['PASSWORD']}' is incorrect.")
+    elsif res['sessionid']
+      report_cred(datastore['USERNAME'], datastore['PASSWORD'])
     end
 
-    report_cred(datastore['USERNAME'], datastore['PASSWORD'])
-
     res
   end
 
