Various and sundry fixes for normalize_uri

todb · todb · commit 36adf86184ab · 2013-01-07T12:02:08.000-06:00
diff --git a/modules/auxiliary/scanner/http/axis_local_file_include.rb b/modules/auxiliary/scanner/http/axis_local_file_include.rb
@@ -62,7 +62,7 @@ def run_host(ip)
 				get_credentials(new_uri)
 
 			else
-				print_status("#{uri} - Apache Axis - The remote page not accessible")
+				print_status("#{target_url} - Apache Axis - The remote page not accessible")
 				return
 
 			end
@@ -82,7 +82,7 @@ def get_credentials(uri)
 				'uri'     => "#{uri}" + lfi_payload,
 			}, 25)
 
-			print_status("#{uri} - Apache Axis - Dumping administrative credentials")
+			print_status("#{target_url} - Apache Axis - Dumping administrative credentials")
 
 			if (res and res.code == 200)
 				if res.body.to_s.match(/axisconfig/)
diff --git a/modules/exploits/multi/http/sit_file_upload.rb b/modules/exploits/multi/http/sit_file_upload.rb
@@ -65,7 +65,11 @@ def initialize(info = {})
 	def check
 
 		uri = normalize_uri(datastore['URI'])
-		uri << '/' if uri[-1,1] != '/'
+		if uri[-1,1] != '/'
+			uri = uri + "index.php"
+		else
+			uri = uri + "/index.php"
+		end
 
 		res = send_request_raw({
 			'uri'     => uri
@@ -88,7 +92,11 @@ def check
 	def retrieve_session(user, pass)
 
 		uri = normalize_uri(datastore['URI'])
-		uri << '/' if uri[-1,1] != '/'
+		if uri[-1,1] == "/"
+			uri = uri + "login.php"
+		else
+			uri = uri + "/login.php"
+		end
 
 		res = send_request_cgi({
 			'uri'     => uri,
@@ -114,7 +122,11 @@ def retrieve_session(user, pass)
 	def upload_page(session, newpage, contents)
 
 		uri = normalize_uri(datastore['URI'])
-		uri << '/' if uri[-1,1] != '/'
+		if uri[-1,1] == "/"
+			uri = uri + "ftp_upload_file.php"
+		else
+			uri = uri + "/ftp_upload_file.php"
+		end
 
 		boundary = rand_text_alphanumeric(6)
 
@@ -176,7 +188,11 @@ def cmd_shell(cmdpath)
 		print_status("Calling payload: #{cmdpath}")
 
 		uri = normalize_uri(datastore['URI'])
-		uri << '/' if uri[-1,1] != '/'
+		if uri[-1,1] == "/"
+			uri = uri + cmdpath
+		else
+			uri = uri + "/#{cmdpath}"
+		end
 
 		send_request_raw({
 			'uri'	=> uri
diff --git a/modules/exploits/multi/http/struts_code_exec.rb b/modules/exploits/multi/http/struts_code_exec.rb
@@ -66,8 +66,8 @@ def initialize(info = {})
 	end
 
 	def execute_command(cmd, opts = {})
-		uri =normalize_uri(datastore['URI'])
-		uri =  Rex::Text::uri_encode(uri)
+		uri =   normalize_uri(datastore['URI'])
+		uri =   Rex::Text::uri_encode(uri)
 		var_a = rand_text_alpha_lower(4)
 		var_b = rand_text_alpha_lower(2)
 		var_c = rand_text_alpha_lower(4)
