Check STARTUP_FOLDER option

Author: jvazquez-r7

modules/exploits/windows/mysql/mysql_start_up.rb

@@ -102,6 +102,10 @@ def upload_file(bin, dest)
   end
 
   def exploit
+    unless datastore['STARTUP_FOLDER'].start_with?('/') && datastore['STARTUP_FOLDER'].end_with?('/')
+      fail_with(Failure::BadConfig, "STARTUP_FOLDER should start and end with '/' Ex: /programdata/microsoft/windows/start menu/programs/startup/")
+    end
+
     print_status("#{peer} - Attempting to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'")
     begin
       m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])