From afc310c0c9651fd2eb7ab3f59773ebd8b854006d Mon Sep 17 00:00:00 2001
From: nnposter
Date: Thu, 30 Mar 2017 00:06:03 +0000
Subject: [PATCH] Cleans up XML request build-up by externalizing XML encoding and allowing for white-space indentation
---
 .../http-default-accounts-fingerprints.lua | 44 ++++++++++++-------
 1 file changed, 28 insertions(+), 16 deletions(-)
diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
index 7cc5919b8..90ac96aec 100644
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -164,6 +164,16 @@ local function url_build_defaults (host, port, parsed)
 return parts
 end
 
+---
+-- Encodes a string to make it safe for embedding into XML/HTML.
+--
+-- @param s The string to be encoded.
+-- @return A string with unsafe characters encoded
+---
+local function xmlencode (s)
+ return s:gsub("%W", function (c) return ("&#x%x;"):format(c:byte()) end)
+end
+
 fingerprints = {}
 
 ---
@@ -1333,24 +1343,26 @@ table.insert(fingerprints, {
 .. "_" .. stdnse.clock_ms() .. math.random(100000, 999999)
- local encpass = stdnse.tohex(pass):gsub("..", "&#x%0;")
+ local encpass = xmlencode(pass)
 local header = {["Content-Type"]="text/xml", ["SOAPAction"]='""'}
 local soapmsg = [[
-
-
-
-
-__SESS__
-
-0
-__PASS__
-30
-
-
-
-
-
-]]
+
+
+
+
+ __SESS__
+
+ 0
+ __PASS__
+ 30
+
+
+
+
+
+ ]]
+ -- strip off indentation
+ soapmsg = soapmsg:gsub("%f[^\0\n]%s+", "")
 -- username is not injected into the payload because it is implied
 soapmsg = soapmsg:gsub("__%w+__", {__SESS__=sessionid, __PASS__=encpass})
 local req = http_post_simple(host, port, url.absolute(path, "soap"),
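Review bot: xmlencode returns both results of gsub, so every caller gets the encoded string followed by the replacement count, and a future call placed last in an argument list or table constructor would silently pass that count along; truncating with an extra pair of parentheses fixes it, `return (s:gsub("%W", function (c) return ("&#x%x;"):format(c:byte()) end))`. The docstring also promises more than the code delivers: it escapes every non-alphanumeric byte as a numeric character reference, so a byte 0x80 or above from a multibyte (UTF-8) string is emitted as the code point U+0080–U+00FF rather than the intended character, and what `%W` treats as alphanumeric appears to depend on the current locale. A line such as `-- Operates on bytes, not characters: non-ASCII input is not decoded, so multibyte text is not encoded correctly.` would keep the next caller from reusing the helper for arbitrary text. The replaced inline expression had the same byte-level behaviour, so this is an inherited limitation rather than a regression introduced here.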
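Review bot: The indentation-stripping pattern `%f[^\0\n]%s+` consumes newlines as well as spaces, since `%s` matches `\n`, so a blank or whitespace-only line in the template would be merged into the line that follows it instead of being kept. That is harmless for the current payload, which contains no blank lines, but it does more than the comment "strip off indentation" says; narrowing the class makes the intent exact, `soapmsg = soapmsg:gsub("%f[^\0\n][ \t]+", "")`. Stripping before the `__SESS__`/`__PASS__` substitution is the right order, as encpass is already escaped and cannot introduce a line break, and the visible session id fragment appears to contain no whitespace. The enclosing login_check function starts and ends outside this hunk.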