Land rapid7#7203, Fix struts_default_action_mapper payload request delay

Author: Brent Cook

modules/exploits/multi/http/struts_default_action_mapper.rb

@@ -26,9 +26,6 @@ def initialize(info = {})
         "redirectAction:" is not properly sanitized. Since said information will be
         evaluated as OGNL expression against the value stack, this introduces the
         possibility to inject server side code.
-
-        This module has been tested successfully on Struts 2.3.15 and Struts 2.0.11.2 over
-        Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
@@ -74,6 +71,7 @@ def initialize(info = {})
       Opt::RPORT(8080),
       OptString.new('TARGETURI', [true, 'Action URI', '/struts2-blank/example/HelloWorld.action']),
       OptInt.new('HTTP_DELAY', [true, 'Time that the HTTP Server will wait for the payload request', 60]),
+      OptInt.new('PAYLOAD_REQUEST_DELAY', [true, 'Time to wait for the payload request', 5]),
       # It isn't OptPath becuase it's a *remote* path
       OptString.new("WritableDir", [ true, "A directory where we can write files (only on Linux targets)", "/tmp" ])
     ], self.class)
@@ -359,6 +357,8 @@ def wait_payload
         fail_with(Failure::Unknown, "#{rhost}:#{rport} - Target didn't request request the ELF payload -- Maybe it cant connect back to us?")
       end
     end
+
+    sleep(datastore['PAYLOAD_REQUEST_DELAY'])
   end
 
   def build_hta