From 3220cbd62bca9fdd7882e9d0a4f647473a9fbb7f Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 24 Mar 2017 16:20:00 +0000
Subject: [PATCH] Fix a crash in http-vuln-wnr1000-creds when request fails
 (i.e. not vuln)

---
 scripts/http-vuln-wnr1000-creds.nse | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/scripts/http-vuln-wnr1000-creds.nse b/scripts/http-vuln-wnr1000-creds.nse
index ccd954b20..525c9ba7b 100644
--- a/scripts/http-vuln-wnr1000-creds.nse
+++ b/scripts/http-vuln-wnr1000-creds.nse
@@ -67,13 +67,17 @@ action = function(host, port)
 
     local detection_session = http.get(host, port, uri)
 
-    if detection_session then
+    if detection_session.status then
+      if not detection_session.body then
+        stdnse.debug1("No response body")
+        return vuln_report:make_output(vuln)
+      end
         -- gather the id
         local id_netgear = string.match(escape(detection_session.body), ('(id=%d+)'))
 
         if id_netgear == nil then
-            stdnse.debug1("Unable to obtain the id")
-            return
+          stdnse.debug1("Unable to obtain the id")
+          return vuln_report:make_output(vuln)
         else
             -- send the payload to get username and password
             local payload_session = http.post(host, port, uri .. "passwordrecovered.cgi?" .. id_netgear, { no_cache = true }, nil, "")