Use TARGETURI

wchen-r7 · wchen-r7 · commit 3b5e2a0c6e17 · 2015-06-26T14:02:17.000-05:00
diff --git a/modules/exploits/multi/http/glassfish_deployer.rb b/modules/exploits/multi/http/glassfish_deployer.rb
@@ -55,7 +55,7 @@ def initialize(info={})
           OptString.new('APP_RPORT',[ true,  'The Application interface port', '8080']),
           OptString.new('USERNAME', [ false, 'The username to authenticate as','admin' ]),
           OptString.new('PASSWORD', [ false, 'The password for the specified username','' ]),
-          OptString.new('PATH', [ true,  "The URI path of the GlassFish Server", '/']),
+          OptString.new('TARGETURI', [ true,  "The URI path of the GlassFish Server", '/']),
           OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false])
         ], self.class)
   end
@@ -595,7 +595,7 @@ def upload_exec(opts = {})
     end
 
     #Execute our payload using the application interface (no need to use auth bypass technique)
-    jsp_path = "/" + app_base + "/" + jsp_name + ".jsp"
+    jsp_path = normalize_uri(target_uri.path, app_base, "#{jsp_name}.jsp")
     nclient = Rex::Proto::Http::Client.new(datastore['RHOST'], datastore['APP_RPORT'],
       {
         'Msf'        => framework,
@@ -682,7 +682,7 @@ def try_glassfish_auth_bypass(version)
   end
 
   def my_target_host
-    my_target_host = "http://#{rhost.to_s}:#{rport.to_s}#{normalize_uri(datastore['PATH'])}"
+    my_target_host = "http://#{rhost.to_s}:#{rport.to_s}#{normalize_uri(target_uri.path)}"
   end
 
 
@@ -740,7 +740,7 @@ def try_normal_login(version)
       private_type: :password
     ))
 
-    @scanner.send_request({'uri'=>'/'})
+    @scanner.send_request({'uri'=>normalize_uri(target_uri.path)})
     @scanner.version = version
     @cred_collection.each do |raw|
       cred = raw.to_credential
