Commit 2dca182

Track and vprint canary value and code
1 parent 3489ea5 commit 2dca182

1 file changed

+5
-2
lines changed

modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb

Lines changed: 5 additions & 2 deletions
@@ -98,7 +98,7 @@ def find_canary
9898
# in most cases, the canary URI will not exist and will return a 404, but
9999
# if everything under TARGETURI is protected by auth, a 401 may be OK too.
100100
# but, regardless, respect the configuration set for this module
101-
return canary if res && res.code.to_s =~ @status_codes_regex
101+
return [canary, res.code] if res && res.code.to_s =~ @status_codes_regex
102102
end
103103
nil
104104
end
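
Review bot: The return type of find_canary changes at the `return [canary, res.code]` line from a single value to a two-element array, while the fall-through path still returns nil, and nothing in the visible comments records that. Please add a short comment above find_canary stating that it returns a `[uri, status_code]` pair or nil, and confirm that test_misfortune is the only caller, since any other caller still treating the result as a string would now receive an array.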
@@ -118,7 +118,10 @@ def headers
118118
# vulnerable.
119119
def test_misfortune
120120
# find a usable canary URI (one that returns an acceptable status code already)
121-
unless (canary_value = find_canary)
121+
if canary = find_canary
122+
canary_value, canary_code = canary
123+
vprint_status("#{peer} canary URI #{canary_value} with code #{canary_code}")
124+
else
122125
vprint_error("#{peer} Unable to find a suitable canary URI")
123126
return Exploit::CheckCode::Unknown
124127
end
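
Review bot: The condition `if canary = find_canary` drops the parentheses the old `unless (canary_value = find_canary)` line used to mark the assignment as intentional, so it reads like a mistyped `==` and will trip assignment-in-condition lint checks. Consider destructuring first with `canary_value, canary_code = find_canary` and then keeping the original guard shape as `unless canary_value`, which works because destructuring nil leaves both variables nil; that keeps the early return for the failure case and avoids the extra `canary` temporary and the if/else.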
