Merge remote branch 'origin/bug/fix-double-slashes'

Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.

Author: todb

lib/msf/core/exploit/http/client.rb

@@ -535,6 +535,23 @@ def target_uri
 		end
 	end
 
+	#
+	# Make sure the URI starts with a slash and doesn't end with one
+	#
+	def normalize_uri(str)
+
+		unless str.to_s[0,1] == "/"
+			str = "/" + str.to_s
+		end
+
+		str = str.gsub(/^\/+/, '/')
+		unless str.length == 1
+			str = str.gsub(/\/+$/, '')
+		end
+
+		str
+	end
+
 	#
 	# Returns the target host
 	#

modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb

@@ -76,7 +76,7 @@ def run_host(ip)
 
 		begin
 			res = send_request_raw({
-				'uri'     => "/#{datastore['URI']}",
+				'uri'     => normalize_uri(datastore['URI']),
 				'method'  => 'POST',
 				'data'    => data,
 				'headers' =>
@@ -141,7 +141,7 @@ def osexecute(rhost, cmd_to_run)
 
 		begin
 			res = send_request_raw({
-				'uri'     => "/#{datastore['URI']}",
+				'uri'     => normalize_uri(datastore['URI']),
 				'method'  => 'POST',
 				'data'    => data,
 				'headers' =>

modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb

@@ -79,8 +79,8 @@ def enum_user(user='administrator', pass='pass')
 
 		begin
 			res = send_request_raw({
-				'uri'		  => "/#{datastore['URI']}/services/Session",
-				'method'	   => 'POST',
+				'uri'     => normalize_uri(datastore['URI']) + "/services/Session",
+				'method'  => 'POST',
 				'data'	  => data,
 				'headers' =>
 					{

modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb

@@ -49,8 +49,8 @@ def initialize
 
 	def run_host(ip)
 		res = send_request_cgi({
-			'uri'	 => "/#{datastore['URI']}/services/listServices",
-			'method'  => 'GET',
+			'uri'    => normalize_uri(datastore['URI']) + "/services/listServices",
+			'method' => 'GET',
 				'headers' => {
 					'User-Agent' => datastore['UserAgent']
 				}
@@ -81,9 +81,9 @@ def enum_user(user='administrator', pass='invalid-sap-password-0d03b389-b7a1-4ec
 
 		begin
 			res = send_request_raw({
-				'uri'		  => "/#{datastore['URI']}/services/Session",
-				'method'	   => 'POST',
-				'data'	  => data,
+				'uri'     => normalize_uri(datastore['URI']) + "/services/Session",
+				'method'  => 'POST',
+				'data'    => data,
 				'headers' =>
 					{
 						'Content-Length' => data.length,

modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb

@@ -48,8 +48,8 @@ def rport
 
 	def run_host(ip)
 		res = send_request_cgi({
-			'uri'	 => "/#{datastore['URI']}/services/listServices",
-			'method'  => 'GET',
+			'uri'    => normalize_uri(datastore['URI']) + "/services/listServices",
+			'method' => 'GET',
 				'headers' => {
 					'User-Agent' => datastore['UserAgent']
 				}
@@ -77,9 +77,9 @@ def enum_version(rhost)
 
 		begin
 			res = send_request_raw({
-				'uri'		  => "/#{datastore['URI']}/services/Session",
-				'method'	   => 'POST',
-				'data'	  => data,
+				'uri'     => normalize_uri(datastore['URI']) + "/services/Session",
+				'method'  => 'POST',
+				'data'    => data,
 				'headers' =>
 					{
 						'Content-Length' => data.length,

modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb

@@ -46,7 +46,7 @@ def rport
 
 	def run_host(ip)
 		res = send_request_cgi({
-			'uri'     => "/#{datastore['URI']}",
+			'uri'     => normalize_uri(datastore['URI']),
 			'method'  => 'GET',
 			'headers' => {'User-Agent' => datastore['UserAgent']}
 		}, 25)
@@ -83,7 +83,7 @@ def extractabap(rhost)
 
 		begin
 			res = send_request_raw({
-				'uri'     => "/#{datastore['URI']}",
+				'uri'     => normalize_uri(datastore['URI']),
 				'method'  => 'POST',
 				'data'    => data,
 				'headers' =>

modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb

@@ -51,7 +51,7 @@ def initialize
 
 	def run_host(ip)
 		res = send_request_cgi({
-			'uri'     => "/#{datastore['URI']}",
+			'uri'     => normalize_uri(datastore['URI']),
 			'method'  => 'GET',
 			'headers' =>
 				{
@@ -114,7 +114,7 @@ def enum_user(user, pass)
 
 		begin
 			res = send_request_raw({
-				'uri'      => "/#{datastore['URI']}",
+				'uri'      => normalize_uri(datastore['URI']),
 				'method'   => 'POST',
 				'data'     => data,
 				'headers'  =>

modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb

@@ -49,7 +49,7 @@ def rport
 
 	def run_host(ip)
 		res = send_request_cgi({
-			'uri'     => "/#{datastore['URI']}",
+			'uri'     => normalize_uri(datastore['URI']),
 			'method'  => 'GET',
 			'headers' =>
 				{
@@ -90,7 +90,7 @@ def extractusers(rhost)
 
 		begin
 			res = send_request_raw({
-				'uri'      => "/#{datastore['URI']}",
+				'uri'      => normalize_uri(datastore['URI']),
 				'method'   => 'POST',
 				'data'     => data,
 				'headers'  =>

modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb

@@ -49,7 +49,7 @@ def rport
 
 	def run_host(ip)
 		res = send_request_cgi({
-			'uri'      => "/#{datastore['URI']}",
+			'uri'      => normalize_uri(datastore['URI']),
 			'method'   => 'GET',
 			'headers'  =>
 				{
@@ -89,7 +89,7 @@ def getacesspoints(rhost)
 
 		begin
 			res = send_request_raw({
-				'uri'      => "/#{datastore['URI']}",
+				'uri'      => normalize_uri(datastore['URI']),
 				'method'   => 'POST',
 				'data'     => data,
 				'headers'  =>

modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb

@@ -49,7 +49,7 @@ def rport
 
 	def run_host(ip)
 		res = send_request_cgi({
-			'uri'      => "/#{datastore['URI']}",
+			'uri'      => normalize_uri(datastore['URI']),
 			'method'   => 'GET',
 			'headers'  =>
 				{
@@ -89,7 +89,7 @@ def getEnvironment(rhost)
 
 		begin
 			res = send_request_raw({
-				'uri'      => "/#{datastore['URI']}",
+				'uri'      => normalize_uri(datastore['URI']),
 				'method'   => 'POST',
 				'data'     => data,
 				'headers'  =>