Print out malicious URLs that will be used by default

jhart-r7 · jhart-r7 · commit 59f75709ea76 · 2014-12-23T10:10:31.000-08:00
diff --git a/modules/exploits/multi/http/cve_2014_9390.rb b/modules/exploits/multi/http/cve_2014_9390.rb
@@ -237,8 +237,14 @@ def exploit
 
   def primer
     # add the git and mercurial URIs as necessary
-    hardcoded_uripath(git_uri) if datastore['GIT']
-    hardcoded_uripath(mercurial_uri) if datastore['MERCURIAL']
+    if datastore['GIT']
+      hardcoded_uripath(git_uri)
+      print_status("Malicious Git URI is #{URI.parse(get_uri).merge(git_uri)}")
+    end
+    if datastore['MERCURIAL']
+      hardcoded_uripath(mercurial_uri)
+      print_status("Malicious Mercurial URI is #{URI.parse(get_uri).merge(mercurial_uri)}")
+    end
   end
 
   def on_request_uri(cli, req)
