Fix AMT scanner for mangled HTML (no </p>)

Also stores proof using the correct :info for report_vuln (not :proof).
rapid7 · Jun 14, 2017 · 549f9e7 · 549f9e7
1 parent c137245
commit 549f9e7
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/modules/auxiliary/scanner/http/intel_amt_digest_bypass.rb b/modules/auxiliary/scanner/http/intel_amt_digest_bypass.rb
@@ -76,7 +76,7 @@ def run_host(ip)
       proof = res.body.to_s
       proof_hash = nil
 
-      info_keys = res.body.scan(/<td class=r1><p>([^\<]+)<\/p>/).map{|x| x.first.to_s.gsub("&#x2F;", "/") }
+      info_keys = res.body.scan(/<td class=r1><p>([^\<]+)(?:<\/p>)?/).map{|x| x.first.to_s.gsub("&#x2F;", "/") }
       if info_keys.length > 0
         proof_hash = {}
         proof = ""
@@ -106,7 +106,7 @@ def run_host(ip)
         :proto => 'tcp',
         :name  => "Intel AMT Digest Authentication Bypass",
         :refs  => self.references,
-        :proof => proof
+        :info => proof
       })
 
     rescue ::Timeout::Error, ::Errno::EPIPE