Reinstate redirect check, fix regex

egypt · egypt · commit 4f9117ff4584 · 2017-04-28T14:45:50.000-05:00
diff --git a/lib/msf/core/exploit/http/wordpress/login.rb b/lib/msf/core/exploit/http/wordpress/login.rb
@@ -14,13 +14,15 @@ def wordpress_login(user, pass, timeout = 20)
         'uri' => wordpress_url_login,
         'vars_post' => wordpress_helper_login_post_data(user, pass, redirect)
     }, timeout)
-    cookies = res.get_cookies
+    if res && res.redirect? && res.redirection && res.redirection.to_s == redirect
+      cookies = res.get_cookies
+    end
 
     if cookies && (
       # current Wordpress (2.6+)
       cookies =~ /wordpress_(?:sec|logged_in_)[^=]+=[^;]+;/i ||
       # Wordpress 2.5
-      cookies =~ /wordpress_[a-f0-9]+=[^;]+;/i ||
+      cookies =~ /wordpress_[a-z0-9]+=[^;]+;/i ||
       # Wordpress 2.0
       cookies =~ /wordpress(?:user|pass)_[^=]+=[^;]+;/i
     )
@@ -30,7 +32,7 @@ def wordpress_login(user, pass, timeout = 20)
         port: rport,
         protocol: 'tcp',
         service_name: 'http',
-        workspace_id: myworkspace.id,
+        workspace_id: myworkspace_id,
       }
 
       cdata = {
@@ -45,10 +47,10 @@ def wordpress_login(user, pass, timeout = 20)
       login_data = { core: core }.merge(service_data)
 
       create_credential_login(login_data)
+
       return cookies
     end
 
-
     nil
   end
 end
