Fix timeout with HEAD request in delete_file

us3r777 · us3r777 · commit b8ba2dd70304 · 2014-09-08T18:34:50.000+02:00
diff --git a/lib/msf/http/jboss/deployment_file_repository.rb b/lib/msf/http/jboss/deployment_file_repository.rb
@@ -55,10 +55,12 @@ def delete_file(folder, name, ext)
 
     if http_verb == 'POST'
       opts.merge!('vars_post' => params)
+      timeout = 5
     else
       opts.merge!('vars_get' => params)
+      timeout = 30
     end
-    send_request_cgi(opts)
+    send_request_cgi(opts, timeout)
   end
 
 end
diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb
@@ -168,11 +168,11 @@ def exploit
       print_status("This might take some time, be patient...") if http_verb == "HEAD"
       delete_res = []
       if head_stager_jsp_name
-        delete_res << delete_file(Rex::Text.uri_encode(stager_base) + '.war', head_stager_jsp_name, '.jsp')
+        delete_res << delete_file(stager_base + '.war', head_stager_jsp_name, '.jsp')
       end
-      delete_res << delete_file(Rex::Text.uri_encode(stager_base) + '.war', stager_jsp_name, '.jsp')
-      delete_res << delete_file('./', Rex::Text.uri_encode(stager_base) + '.war', '')
-      delete_res << delete_file('./', Rex::Text.uri_encode(app_base) + '.war', '')
+      delete_res << delete_file(stager_base + '.war', stager_jsp_name, '.jsp')
+      delete_res << delete_file('./', stager_base + '.war', '')
+      delete_res << delete_file('./', app_base + '.war', '')
       delete_res.each do |res|
         if !res
           print_warning("WARNING: Unable to remove WAR [No Response]")
