* The closing quotes after the `VALUE` attribute were not escaped. This
commit adds them
* The regex assumed that the short name does not contain whitespace.
I am looking at a Domino instance where the short name DOES contain
whitespace. This commit changes the regex such that the value is
assumed to not contain a quote before the closing quote. Of course,
there could be an escaped quote inside quotes in the HTML source, but
if we want to do it properly, we'd need an HTML parser which exceeds
my modest ruby skills.
* The fields `$dspHTTPPassword` and `dspHTTPPassword` (without the
dollar sign) can both contain the hash. The code assumed that only up
to one of those fields contain a hash. This leads to the hash being
printed twice in the output in my case.
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes#6437]
Gaurav Jain