Update zabbix_toggleids_sqli.rb

brandonprry · web-flow · commit d43380330e50 · 2016-08-31T17:18:28.000-04:00
diff --git a/modules/auxiliary/gather/zabbix_toggleids_sqli.rb b/modules/auxiliary/gather/zabbix_toggleids_sqli.rb
@@ -60,7 +60,11 @@ def check
     end
 
     match = /#{left_marker}(.*)#{right_marker}/.match(res.body)
-
+    
+    unless match
+      fail_with(Failure::Unknown, 'Server did not respond in an expected way')
+    end
+    
     if match[1] == flag
       return Msf::Exploit::CheckCode::Vulnerable
     end
@@ -87,6 +91,10 @@ def run
 
     match = /#{left_marker}(.*)#{right_marker}/.match(res.body)
 
+    unless match
+      fail_with(Failure::Unknown, 'Server did not respond in an expected way')
+    end
+    
     count = match[1].to_i
 
     dbs = []
@@ -104,7 +112,11 @@ def run
       end
 
       match = /#{left_marker}(.*)#{right_marker}/.match(res.body)
-
+      
+      unless match
+        fail_with(Failure::Unknown, 'Server did not respond in an expected way')
+      end
+    
       dbs << match[1]
     end
 
@@ -129,6 +141,10 @@ def run
 
       match = /#{left_marker}(.*)#{right_marker}/.match(res.body)
 
+      unless match
+        fail_with(Failure::Unknown, 'Server did not respond in an expected way')
+      end
+
       count = match[1].to_i
 
       0.upto(count-1) do |cur|
@@ -146,6 +162,11 @@ def run
           end
 
           match = /#{left_marker}(.*)#{right_marker}/.match(res.body)
+          
+          unless match
+            fail_with(Failure::Unknown, 'Server did not respond in an expected way')
+          end
+          
           user[col] = match[1]
         end
         users << user
@@ -169,8 +190,13 @@ def authenticate
 
    cookies = res.get_cookies
 
-   res.body =~ /name="sid" value="(.*?)">/
-   sid = $1
+   match = /name="sid" value="(.*?)">/.match(res.body)
+   
+   unless match
+     fail_with(Failure::Unknown, 'Server did not respond in an expected way')
+   end
+   
+   sid = match[1]
 
    if datastore['REQUIREAUTH']
 
@@ -208,8 +234,13 @@ def authenticate
        end
 
        cookies = res.get_cookies
-       res.body =~ /name="sid" value="(.*?)">/
-       sid = $1
+       match = /name="sid" value="(.*?)">/.match(res.body)
+   
+       unless match
+         fail_with(Failure::Unknown, 'Server did not respond in an expected way')
+       end
+   
+       sid = match[1]
      elsif
        fail_with(Failure::Unknown, 'Server did not respond in an expected way')
      end
