Avoid USERNAME and PASSWORD datastore options collisions

jvazquez-r7 · jvazquez-r7 · commit b35da0d91d9a · 2015-09-25T09:36:47.000-05:00
diff --git a/modules/exploits/freebsd/http/watchguard_cmd_exec.rb b/modules/exploits/freebsd/http/watchguard_cmd_exec.rb
@@ -52,8 +52,8 @@ def initialize(info = {})
     register_options(
       [
         OptString.new('TARGETURI', [true, 'The target URI', '/']),
-        OptString.new('USERNAME', [true, 'Web interface user account to add', 'backdoor']),
-        OptString.new('PASSWORD', [true, 'Web interface user password', 'backdoor']),
+        OptString.new('WATCHGUARD_USER', [true, 'Web interface user account to add', 'backdoor']),
+        OptString.new('WATCHGUARD_PASSWORD', [true, 'Web interface user password', 'backdoor']),
         OptInt.new('HTTPDELAY', [true, 'Time that the HTTP Server will wait for the payload request', 10]),
         Opt::RPORT(443)
       ],
@@ -210,8 +210,8 @@ def send_cmd_exec(uri,os_cmd,blocking=false)
 
   def get_session
     #Gets a valid login session, either valid creds or the SQLi vulnerability
-    username = datastore['USERNAME']
-    pwd_clear = datastore['PASSWORD']
+    username = datastore['WATCHGUARD_USER']
+    pwd_clear = datastore['WATCHGUARD_PASSWORD']
     user_id = rand(999)
 
     sid_cookie = attempt_login(username, pwd_clear)
