adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/PgAdmin.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

708 lines
52 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::PgAdmin
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::PgAdmin";
relpath = '../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../_index.html">Index (P)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span>
&raquo;
<span class="title">PgAdmin</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::PgAdmin
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="Remote/HttpClient.html" title="Msf::Exploit::Remote::HttpClient (module)">Remote::HttpClient</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/pgadmin.rb</dd>
</dl>
</div>
<h2>Instance Attribute Summary</h2>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="Remote/HttpClient.html" title="Msf::Exploit::Remote::HttpClient (module)">Remote::HttpClient</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Remote/HttpClient.html#client-instance_method" title="Msf::Exploit::Remote::HttpClient#client (method)">#client</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#cookie_jar-instance_method" title="Msf::Exploit::Remote::HttpClient#cookie_jar (method)">#cookie_jar</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#auth_required%3F-instance_method" title="#auth_required? (instance method)">#<strong>auth_required?</strong> &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#authenticate-instance_method" title="#authenticate (instance method)">#<strong>authenticate</strong>(username, password) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#check_version-instance_method" title="#check_version (instance method)">#<strong>check_version</strong>(patched_version, low_bound = 0) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#csrf_token-instance_method" title="#csrf_token (instance method)">#<strong>csrf_token</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_version-instance_method" title="#get_version (instance method)">#<strong>get_version</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#set_csrf_token_from_config-instance_method" title="#set_csrf_token_from_config (instance method)">#<strong>set_csrf_token_from_config</strong>(res) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#set_csrf_token_from_login_page-instance_method" title="#set_csrf_token_from_login_page (instance method)">#<strong>set_csrf_token_from_login_page</strong>(res) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Remote/HttpClient.html" title="Msf::Exploit::Remote::HttpClient (module)">Remote::HttpClient</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Remote/HttpClient.html#basic_auth-instance_method" title="Msf::Exploit::Remote::HttpClient#basic_auth (method)">#basic_auth</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#cleanup-instance_method" title="Msf::Exploit::Remote::HttpClient#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#configure_http_login_scanner-instance_method" title="Msf::Exploit::Remote::HttpClient#configure_http_login_scanner (method)">#configure_http_login_scanner</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#connect-instance_method" title="Msf::Exploit::Remote::HttpClient#connect (method)">#connect</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#connect_ws-instance_method" title="Msf::Exploit::Remote::HttpClient#connect_ws (method)">#connect_ws</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#deregister_http_client_options-instance_method" title="Msf::Exploit::Remote::HttpClient#deregister_http_client_options (method)">#deregister_http_client_options</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#disconnect-instance_method" title="Msf::Exploit::Remote::HttpClient#disconnect (method)">#disconnect</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#download-instance_method" title="Msf::Exploit::Remote::HttpClient#download (method)">#download</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#full_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#full_uri (method)">#full_uri</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#handler-instance_method" title="Msf::Exploit::Remote::HttpClient#handler (method)">#handler</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#http_fingerprint-instance_method" title="Msf::Exploit::Remote::HttpClient#http_fingerprint (method)">#http_fingerprint</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#initialize-instance_method" title="Msf::Exploit::Remote::HttpClient#initialize (method)">#initialize</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#lookup_http_fingerprints-instance_method" title="Msf::Exploit::Remote::HttpClient#lookup_http_fingerprints (method)">#lookup_http_fingerprints</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#normalize_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#normalize_uri (method)">#normalize_uri</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#path_from_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#path_from_uri (method)">#path_from_uri</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#peer-instance_method" title="Msf::Exploit::Remote::HttpClient#peer (method)">#peer</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#proxies-instance_method" title="Msf::Exploit::Remote::HttpClient#proxies (method)">#proxies</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#reconfig_redirect_opts!-instance_method" title="Msf::Exploit::Remote::HttpClient#reconfig_redirect_opts! (method)">#reconfig_redirect_opts!</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#request_opts_from_url-instance_method" title="Msf::Exploit::Remote::HttpClient#request_opts_from_url (method)">#request_opts_from_url</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#request_url-instance_method" title="Msf::Exploit::Remote::HttpClient#request_url (method)">#request_url</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#rhost-instance_method" title="Msf::Exploit::Remote::HttpClient#rhost (method)">#rhost</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#rport-instance_method" title="Msf::Exploit::Remote::HttpClient#rport (method)">#rport</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#send_request_cgi-instance_method" title="Msf::Exploit::Remote::HttpClient#send_request_cgi (method)">#send_request_cgi</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#send_request_cgi!-instance_method" title="Msf::Exploit::Remote::HttpClient#send_request_cgi! (method)">#send_request_cgi!</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#send_request_raw-instance_method" title="Msf::Exploit::Remote::HttpClient#send_request_raw (method)">#send_request_raw</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#service_details-instance_method" title="Msf::Exploit::Remote::HttpClient#service_details (method)">#service_details</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#setup-instance_method" title="Msf::Exploit::Remote::HttpClient#setup (method)">#setup</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#ssl-instance_method" title="Msf::Exploit::Remote::HttpClient#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#ssl_version-instance_method" title="Msf::Exploit::Remote::HttpClient#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#sslkeylogfile-instance_method" title="Msf::Exploit::Remote::HttpClient#sslkeylogfile (method)">#sslkeylogfile</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#strip_tags-instance_method" title="Msf::Exploit::Remote::HttpClient#strip_tags (method)">#strip_tags</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#target_uri-instance_method" title="Msf::Exploit::Remote::HttpClient#target_uri (method)">#target_uri</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#validate_fingerprint-instance_method" title="Msf::Exploit::Remote::HttpClient#validate_fingerprint (method)">#validate_fingerprint</a></span>, <span class='object_link'><a href="Remote/HttpClient.html#vhost-instance_method" title="Msf::Exploit::Remote::HttpClient#vhost (method)">#vhost</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Remote/Kerberos/ServiceAuthenticator/Options.html" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options (module)">Remote::Kerberos::ServiceAuthenticator::Options</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Remote/Kerberos/ServiceAuthenticator/Options.html#kerberos_auth_options-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_auth_options (method)">#kerberos_auth_options</a></span>, <span class='object_link'><a href="Remote/Kerberos/ServiceAuthenticator/Options.html#kerberos_clock_skew_seconds-instance_method" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options#kerberos_clock_skew_seconds (method)">#kerberos_clock_skew_seconds</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Remote/Kerberos/Ticket/Storage.html" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage (module)">Remote::Kerberos::Ticket::Storage</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Remote/Kerberos/Ticket/Storage.html#initialize-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#initialize (method)">#initialize</a></span>, <span class='object_link'><a href="Remote/Kerberos/Ticket/Storage.html#kerberos_storage_options-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_storage_options (method)">#kerberos_storage_options</a></span>, <span class='object_link'><a href="Remote/Kerberos/Ticket/Storage.html#kerberos_ticket_storage-instance_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage#kerberos_ticket_storage (method)">#kerberos_ticket_storage</a></span>, <span class='object_link'><a href="Remote/Kerberos/Ticket/Storage.html#store_ccache-class_method" title="Msf::Exploit::Remote::Kerberos::Ticket::Storage.store_ccache (method)">store_ccache</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../Auxiliary/LoginScanner.html" title="Msf::Auxiliary::LoginScanner (module)">Auxiliary::LoginScanner</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Auxiliary/LoginScanner.html#configure_login_scanner-instance_method" title="Msf::Auxiliary::LoginScanner#configure_login_scanner (method)">#configure_login_scanner</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../Auxiliary/Report.html" title="Msf::Auxiliary::Report (module)">Auxiliary::Report</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Auxiliary/Report.html#active_db%3F-instance_method" title="Msf::Auxiliary::Report#active_db? (method)">#active_db?</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#create_cracked_credential-instance_method" title="Msf::Auxiliary::Report#create_cracked_credential (method)">#create_cracked_credential</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#create_credential-instance_method" title="Msf::Auxiliary::Report#create_credential (method)">#create_credential</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#create_credential_and_login-instance_method" title="Msf::Auxiliary::Report#create_credential_and_login (method)">#create_credential_and_login</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#create_credential_login-instance_method" title="Msf::Auxiliary::Report#create_credential_login (method)">#create_credential_login</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#db-instance_method" title="Msf::Auxiliary::Report#db (method)">#db</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#db_warning_given%3F-instance_method" title="Msf::Auxiliary::Report#db_warning_given? (method)">#db_warning_given?</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#get_client-instance_method" title="Msf::Auxiliary::Report#get_client (method)">#get_client</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#get_host-instance_method" title="Msf::Auxiliary::Report#get_host (method)">#get_host</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#inside_workspace_boundary%3F-instance_method" title="Msf::Auxiliary::Report#inside_workspace_boundary? (method)">#inside_workspace_boundary?</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#invalidate_login-instance_method" title="Msf::Auxiliary::Report#invalidate_login (method)">#invalidate_login</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#mytask-instance_method" title="Msf::Auxiliary::Report#mytask (method)">#mytask</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#myworkspace-instance_method" title="Msf::Auxiliary::Report#myworkspace (method)">#myworkspace</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#myworkspace_id-instance_method" title="Msf::Auxiliary::Report#myworkspace_id (method)">#myworkspace_id</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_auth_info-instance_method" title="Msf::Auxiliary::Report#report_auth_info (method)">#report_auth_info</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_client-instance_method" title="Msf::Auxiliary::Report#report_client (method)">#report_client</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_exploit-instance_method" title="Msf::Auxiliary::Report#report_exploit (method)">#report_exploit</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_host-instance_method" title="Msf::Auxiliary::Report#report_host (method)">#report_host</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_loot-instance_method" title="Msf::Auxiliary::Report#report_loot (method)">#report_loot</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_note-instance_method" title="Msf::Auxiliary::Report#report_note (method)">#report_note</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_service-instance_method" title="Msf::Auxiliary::Report#report_service (method)">#report_service</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_vuln-instance_method" title="Msf::Auxiliary::Report#report_vuln (method)">#report_vuln</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_web_form-instance_method" title="Msf::Auxiliary::Report#report_web_form (method)">#report_web_form</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_web_page-instance_method" title="Msf::Auxiliary::Report#report_web_page (method)">#report_web_page</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_web_site-instance_method" title="Msf::Auxiliary::Report#report_web_site (method)">#report_web_site</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#report_web_vuln-instance_method" title="Msf::Auxiliary::Report#report_web_vuln (method)">#report_web_vuln</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#store_cred-instance_method" title="Msf::Auxiliary::Report#store_cred (method)">#store_cred</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#store_local-instance_method" title="Msf::Auxiliary::Report#store_local (method)">#store_local</a></span>, <span class='object_link'><a href="../Auxiliary/Report.html#store_loot-instance_method" title="Msf::Auxiliary::Report#store_loot (method)">#store_loot</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Metasploit/Framework/Require.html" title="Metasploit::Framework::Require (module)">Metasploit::Framework::Require</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Metasploit/Framework/Require.html#optionally-class_method" title="Metasploit::Framework::Require.optionally (method)">optionally</a></span>, <span class='object_link'><a href="../../Metasploit/Framework/Require.html#optionally_active_record_railtie-class_method" title="Metasploit::Framework::Require.optionally_active_record_railtie (method)">optionally_active_record_railtie</a></span>, <span class='object_link'><a href="../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-class_method" title="Metasploit::Framework::Require.optionally_include_metasploit_credential_creation (method)">optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-instance_method" title="Metasploit::Framework::Require#optionally_include_metasploit_credential_creation (method)">#optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../Metasploit/Framework/Require.html#optionally_require_metasploit_db_gem_engines-class_method" title="Metasploit::Framework::Require.optionally_require_metasploit_db_gem_engines (method)">optionally_require_metasploit_db_gem_engines</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="auth_required?-instance_method">
#<strong>auth_required?</strong> &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
13
14
15
16
17
18
19</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/pgadmin.rb', line 13</span>
<span class='kw'>def</span> <span class='id identifier rubyid_auth_required?'>auth_required?</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='rparen'>)</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>302</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Location</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>login</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>end</span>
<span class='kw'>false</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="authenticate-instance_method">
#<strong>authenticate</strong>(username, password) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/pgadmin.rb', line 81</span>
<span class='kw'>def</span> <span class='id identifier rubyid_authenticate'>authenticate</span><span class='lparen'>(</span><span class='id identifier rubyid_username'>username</span><span class='comma'>,</span> <span class='id identifier rubyid_password'>password</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>authenticate/login</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>POST</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>vars_post</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>csrf_token</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_csrf_token'>csrf_token</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>email</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_username'>username</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>password</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_password'>password</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>language</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>en</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>internal_button</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Login</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>302</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_headers'>headers</span><span class='op'>&amp;.</span><span class='op'>[]</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Location</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>!=</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>login</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Module/Failure.html#NoAccess-constant" title="Msf::Module::Failure::NoAccess (constant)">NoAccess</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Failed to authenticate to pgAdmin</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Successfully authenticated to pgAdmin</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="check_version-instance_method">
#<strong>check_version</strong>(patched_version, low_bound = 0) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
38
39
40
41
42
43
44</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/pgadmin.rb', line 38</span>
<span class='kw'>def</span> <span class='id identifier rubyid_check_version'>check_version</span><span class='lparen'>(</span><span class='id identifier rubyid_patched_version'>patched_version</span><span class='comma'>,</span> <span class='id identifier rubyid_low_bound'>low_bound</span> <span class='op'>=</span> <span class='int'>0</span><span class='rparen'>)</span>
<span class='id identifier rubyid_version'>version</span> <span class='op'>=</span> <span class='id identifier rubyid_get_version'>get_version</span>
<span class='kw'>return</span> <span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="CheckCode.html" title="Msf::Exploit::CheckCode (class)">CheckCode</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="CheckCode.html#Unknown-constant" title="Msf::Exploit::CheckCode::Unknown (constant)">Unknown</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Unable to determine the target version</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='kw'>unless</span> <span class='id identifier rubyid_version'>version</span>
<span class='kw'>return</span> <span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="CheckCode.html" title="Msf::Exploit::CheckCode (class)">CheckCode</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="CheckCode.html#Safe-constant" title="Msf::Exploit::CheckCode::Safe (constant)">Safe</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>pgAdmin version </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_version'>version</span><span class='embexpr_end'>}</span><span class='tstring_content'> is not affected</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_version'>version</span> <span class='op'>&gt;=</span> <span class='const'><span class='object_link'><a href="../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_patched_version'>patched_version</span><span class='rparen'>)</span> <span class='op'>||</span> <span class='id identifier rubyid_version'>version</span> <span class='op'>&lt;</span> <span class='const'><span class='object_link'><a href="../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_low_bound'>low_bound</span><span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="CheckCode.html" title="Msf::Exploit::CheckCode (class)">CheckCode</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="CheckCode.html#Appears-constant" title="Msf::Exploit::CheckCode::Appears (constant)">Appears</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>pgAdmin version </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_version'>version</span><span class='embexpr_end'>}</span><span class='tstring_content'> is affected</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="csrf_token-instance_method">
#<strong>csrf_token</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
46
47
48
49
50
51
52
53
54
55
56
57
58</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/pgadmin.rb', line 46</span>
<span class='kw'>def</span> <span class='id identifier rubyid_csrf_token'>csrf_token</span>
<span class='kw'>return</span> <span class='ivar'>@csrf_token</span> <span class='kw'>if</span> <span class='ivar'>@csrf_token</span>
<span class='kw'>if</span> <span class='id identifier rubyid_auth_required?'>auth_required?</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>login</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='id identifier rubyid_set_csrf_token_from_login_page'>set_csrf_token_from_login_page</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>browser/js/utils.js</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='id identifier rubyid_set_csrf_token_from_config'>set_csrf_token_from_config</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_fail_with'>fail_with</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../Module/Failure.html" title="Msf::Module::Failure (module)">Failure</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Module/Failure.html#UnexpectedReply-constant" title="Msf::Module::Failure::UnexpectedReply (constant)">UnexpectedReply</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Failed to obtain the CSRF token</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='kw'>unless</span> <span class='ivar'>@csrf_token</span>
<span class='ivar'>@csrf_token</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_version-instance_method">
#<strong>get_version</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/pgadmin.rb', line 21</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_version'>get_version</span>
<span class='kw'>if</span> <span class='id identifier rubyid_auth_required?'>auth_required?</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>login</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>browser/</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_html_document'>html_document</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_get_html_document'>get_html_document</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_html_document'>html_document</span><span class='op'>&amp;.</span><span class='id identifier rubyid_xpath'>xpath</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>//title</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_text'>text</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>pgAdmin 4</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># there&#39;s multiple links in the HTML that expose the version number in the [X]XYYZZ,
</span> <span class='comment'># see: https://github.com/pgadmin-org/pgadmin4/blob/053b1e3d693db987d1c947e1cb34daf842e387b7/web/version.py#L27
</span> <span class='id identifier rubyid_versioned_link'>versioned_link</span> <span class='op'>=</span> <span class='id identifier rubyid_html_document'>html_document</span><span class='period'>.</span><span class='id identifier rubyid_xpath'>xpath</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>//link</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_link'>link</span><span class='op'>|</span> <span class='id identifier rubyid_link'>link</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>href</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\?ver=(\d?\d)(\d\d)(\d\d)</span><span class='regexp_end'>/</span></span> <span class='rbrace'>}</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_versioned_link'>versioned_link</span>
<span class='const'><span class='object_link'><a href="../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Rex/Version.html" title="Rex::Version (class)">Version</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../Rex/Version.html#initialize-instance_method" title="Rex::Version#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='const'>Regexp</span><span class='period'>.</span><span class='id identifier rubyid_last_match'>last_match</span><span class='lparen'>(</span><span class='int'>1</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='const'>Regexp</span><span class='period'>.</span><span class='id identifier rubyid_last_match'>last_match</span><span class='lparen'>(</span><span class='int'>2</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='const'>Regexp</span><span class='period'>.</span><span class='id identifier rubyid_last_match'>last_match</span><span class='lparen'>(</span><span class='int'>3</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="set_csrf_token_from_config-instance_method">
#<strong>set_csrf_token_from_config</strong>(res) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
60
61
62
63
64
65
66
67
68
69
70</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/pgadmin.rb', line 60</span>
<span class='kw'>def</span> <span class='id identifier rubyid_set_csrf_token_from_config'>set_csrf_token_from_config</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='comment'># The CSRF token should be inside a java script tag, inside a function called window.renderSecurityPage and should look like:
</span> <span class='comment'># ImQzYTQ0YzAzOGMyY2YwZWNkMWRkY2Q4ODdhMTA5MGM3YzI5ZTYzY2Ii.Z_6Kdw.XP2eOIJ26MikqG5J8J8W1bDPMpQ
</span> <span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>csrfToken&quot;: &quot;([\w+.-]+)&quot;</span><span class='regexp_end'>/</span></span>
<span class='ivar'>@csrf_token</span> <span class='op'>=</span> <span class='const'>Regexp</span><span class='period'>.</span><span class='id identifier rubyid_last_match'>last_match</span><span class='lparen'>(</span><span class='int'>1</span><span class='rparen'>)</span>
<span class='comment'># at some point between v7.0 and 7.7 the token format changed
</span> <span class='kw'>else</span>
<span class='ivar'>@csrf_token</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_scan'>scan</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>pgAdmin\[&#39;csrf_token&#39;\]\s*=\s*&#39;([^&#39;]+)&#39;</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span><span class='op'>&amp;.</span><span class='id identifier rubyid_flatten'>flatten</span><span class='op'>&amp;.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="set_csrf_token_from_login_page-instance_method">
#<strong>set_csrf_token_from_login_page</strong>(res) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
72
73
74
75
76
77
78
79</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/pgadmin.rb', line 72</span>
<span class='kw'>def</span> <span class='id identifier rubyid_set_csrf_token_from_login_page'>set_csrf_token_from_login_page</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>csrfToken&quot;: &quot;([\w+.-]+)&quot;</span><span class='regexp_end'>/</span></span>
<span class='ivar'>@csrf_token</span> <span class='op'>=</span> <span class='const'>Regexp</span><span class='period'>.</span><span class='id identifier rubyid_last_match'>last_match</span><span class='lparen'>(</span><span class='int'>1</span><span class='rparen'>)</span>
<span class='comment'># at some point between v7.0 and 7.7 the token format changed
</span> <span class='kw'>elsif</span> <span class='lparen'>(</span><span class='id identifier rubyid_element'>element</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_get_html_document'>get_html_document</span><span class='period'>.</span><span class='id identifier rubyid_xpath'>xpath</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>//input[@id=&#39;csrf_token&#39;]</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='op'>&amp;.</span><span class='id identifier rubyid_first'>first</span><span class='rparen'>)</span>
<span class='ivar'>@csrf_token</span> <span class='op'>=</span> <span class='id identifier rubyid_element'>element</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>value</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:11 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink