php_include: Tweak check()

Author: g0tmi1k

modules/exploits/unix/webapp/php_include.rb

@@ -71,23 +71,32 @@ def initialize(info = {})
     )
   end
 
+  # TODO: Would be nice if datastore['PHPURI'] is set, to use on_request_uri() to see if a connection happens, then would be able to return Exploit::CheckCode::Vulnerable
   def check
     method = datastore['FORMDATA'] ? 'POST' : 'GET'
-    uri = normalize_uri(datastore['ROOTDIR'], datastore['PHPURI']).gsub(/\?.*/, '')
+    uri = normalize_uri(datastore['ROOTDIR'], datastore['PHPURI']).gsub('!INJECT!', '')
     print_status("Checking URI via #{method}: #{uri}")
 
-    response = send_request_raw({
+    response = {
+      'global' => true,
       'uri' => uri,
       'method' => method,
       'headers' => datastore_headers.merge(
         'Connection' => 'close'
       )
-    })
+    }
+    unless method.casecmp?('get')
+      data = method.casecmp?('get') ? nil : encoded_url(datastore['FORMDATA'].gsub('!INJECT!', ''))
+      response['headers']['Content-Type'] = 'application/x-www-form-urlencoded'
+      response['headers']['Content-Length'] = data.length
+      response['data'] = data
+    end
+    response = send_request_raw(response)
     return Exploit::CheckCode::Unknown unless response
     return Exploit::CheckCode::Detected if response.code == 200
 
-    vprint_error("Server responded with: HTTP #{response.code}")
-    return Exploit::CheckCode::Safe
+    vprint_warning("Server responded with: HTTP #{response.code}")
+    return Exploit::CheckCode::Unknown
   end
 
   def datastore_headers