Fix incorrect instances of the stack being unwound using #scoped_option_change

Author: rastating

lib/wpxf/wordpress/login.rb

@@ -44,11 +44,13 @@ def wordpress_login(user, pass)
   end
 
   private def execute_wp_login_request(user, pass)
+    res = nil
     scoped_option_change('follow_http_redirection', false) do
-      return execute_post_request(
+      res = execute_post_request(
         url: wordpress_url_login,
         body: wordpress_login_post_body(user, pass)
       )
     end
+    res
   end
 end

modules/auxiliary/download_manager_authenticated_privilege_escalation.rb

@@ -66,6 +66,7 @@ def run
       'payment_account' => '0'
     }
 
+    mod_result = true
     scoped_option_change('follow_http_redirection', false) do
       res = execute_post_request(
         url: full_uri,
@@ -77,10 +78,10 @@ def run
         emit_success "User #{username} now has full admin rights"
       else
         emit_error 'Failed to escalate privileges'
-        return false
+        mod_result = false
       end
     end
 
-    return true
+    mod_result
   end
 end

modules/exploits/user_login_log_authenticated_stored_xss_shell_upload.rb

@@ -27,11 +27,14 @@ def requires_authentication
   end
 
   def run
+    stored = true
     scoped_option_change 'user_agent', "<script>#{xss_ascii_encoded_include_script}</script>" do
       emit_info 'Storing script...'
-      return false unless super
+      stored = super
     end
 
+    return false unless stored
+
     emit_success 'Script stored and will be executed when a user views the login logs.'
     start_http_server