Merge pull request rapid7#7639 from wchen-r7/fix_7628

jinq102030 · web-flow · commit f13d012ade6e · 2016-11-30T14:52:41.000-06:00
Fix rapid7#7628, concrete5_member_list HTML parser
diff --git a/modules/auxiliary/scanner/http/concrete5_member_list.rb b/modules/auxiliary/scanner/http/concrete5_member_list.rb
@@ -66,23 +66,25 @@ def run_host(rhost)
   end
 
   def extract_members(res, url)
-    members = res.body.scan(/<div class="ccm\-profile\-member\-username">(.*?)<\/div>/i)
+    members = res.get_html_document.search('div[@class="ccm-profile-member-username"]')
 
-    if members
+    unless members.empty?
       print_good("#{peer} Extracted #{members.length} entries")
 
       # separate user data into userID, username and Profile URL
       memberlist = []
       users = []
 
       members.each do | mem |
-        userid = mem[0].scan(/\/view\/(\d+)/i)
-        username = mem[0].scan(/">(.+)<\/a>/i)
-        profile = mem[0].scan(/href="(.+)">/i)
+        userid = mem.text.scan(/\/view\/(\d+)/i).flatten.first
+        anchor = mem.at('a')
+        username = anchor.text
+        profile = anchor.attributes['href'].value
         # add all data to memberlist for table output
-        memberlist.push([userid[0], username[0], profile[0]])
+
+        memberlist.push([userid, username, profile])
         # add usernames to users array for reporting
-        users.push(username[0])
+        users.push(username)
       end
 
       membertbl = Msf::Ui::Console::Table.new(
@@ -99,7 +101,7 @@ def extract_members(res, url)
             ]})
 
       memberlist.each do | mem |
-        membertbl << ["#{mem[0].join}", "#{mem[1].join}", "#{mem[2].join}"]
+        membertbl << [mem[0], mem[1], mem[2]]
       end
 
       # print table
