Fix rapid7#3974 - Validate and normalize URI for axis_login

Author: wchen-r7

modules/auxiliary/scanner/http/axis_login.rb

@@ -40,21 +40,23 @@ def initialize
 
     register_options( [
       Opt::RPORT(8080),
-      OptString.new('URI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
+      OptString.new('TARGETURI', [false, 'Path to the Apache Axis Administration page', '/axis2/axis2-admin/login']),
     ], self.class)
   end
 
+  # For print_* methods
   def target_url
     "http://#{vhost}:#{rport}#{datastore['URI']}"
   end
 
   def run_host(ip)
+    uri = normalize_uri(target_uri.path)
 
     print_status("Verifying login exists at #{target_url}")
     begin
       send_request_cgi({
         'method'  => 'GET',
-        'uri'     => datastore['URI']
+        'uri'     => uri
       }, 20)
     rescue
       print_error("The Axis2 login page does not exist at #{target_url}")
@@ -78,7 +80,7 @@ def run_host(ip)
     scanner = Metasploit::Framework::LoginScanner::Axis2.new(
       host: ip,
       port: rport,
-      uri: datastore['URI'],
+      uri: uri,
       proxies: datastore["PROXIES"],
       cred_details: cred_collection,
       stop_on_success: datastore['STOP_ON_SUCCESS'],