sempervictus
diff --git a/‎lib/rex/proto/http/client_request.rb
Lines changed: 7 additions & 3 deletions b/‎lib/rex/proto/http/client_request.rb
Lines changed: 7 additions & 3 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb
Lines changed: 10 additions & 6 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb
Lines changed: 10 additions & 6 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
Lines changed: 9 additions & 6 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb
Lines changed: 9 additions & 6 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb
Lines changed: 7 additions & 3 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb
Lines changed: 7 additions & 3 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb
Lines changed: 7 additions & 3 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb
Lines changed: 7 additions & 3 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb
Lines changed: 10 additions & 7 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb
Lines changed: 10 additions & 7 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb
Lines changed: 9 additions & 8 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb
Lines changed: 9 additions & 8 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb
Lines changed: 10 additions & 7 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb
Lines changed: 10 additions & 7 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb
Lines changed: 9 additions & 5 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb
Lines changed: 9 additions & 5 deletions
diff --git a/‎modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb
Lines changed: 6 additions & 2 deletions b/‎modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb
Lines changed: 6 additions & 2 deletions
@@ -112,12 +112,16 @@ def to_s
 
       opts['vars_get'].each_pair do |var,val|
         var = var.to_s
-        val = val.to_s
 
         qstr << '&' if qstr.length > 0
         qstr << (opts['encode_params'] ? set_encode_uri(var) : var)
-        qstr << '='
-        qstr << (opts['encode_params'] ? set_encode_uri(val) : val)
+        # support get paraemter without value
+        # Example: uri?parameter
+        if val
+          val = val.to_s
+          qstr << '='
+          qstr << (opts['encode_params'] ? set_encode_uri(val) : val)
+        end
       end
 
       if (opts['pad_post_params'])
 
@@ -70,17 +70,21 @@ def run_host(ip)
     data << '</env:Envelope>'
     begin
       print_status("[SAP] #{ip}:#{rport} - Attempting to create user '#{datastore['BAPI_USER']}' with password '#{datastore['BAPI_PASSWORD']}'")
+
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
         'ctype' => 'text/xml; charset=UTF-8',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
-        'headers' =>
-          {
-            'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
-          }
+        'headers' => {
+          'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
+        },
+        'vars_get' => {
+          'sap-client'    => datastore['CLIENT'],
+          'sap-language'  => 'EN'
+        }
       })
       if res and res.code == 200
         if res.body =~ /<h1>Logon failed<\/h1>/
 
@@ -118,16 +118,19 @@ def bruteforce(username,password,client)
     data << '</env:Envelope>'
     begin
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + client + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + client,
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{client}",
         'ctype' => 'text/xml; charset=UTF-8',
         'authorization' => basic_auth(username, password),
-        'headers' =>
-          {
-            'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
-          }
+        'headers' => {
+          'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
+        },
+        'vars_get' => {
+          'sap-client'    => client,
+          'sap-language'  => 'EN'
+        }
       })
       if res and res.code == 200
         report_auth_info(
 
@@ -93,14 +93,18 @@ def exec_command(ip,data)
     print_status("[SAP] #{ip}:#{rport} - sending SOAP SXPG_CALL_SYSTEM request")
     begin
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
         'ctype' => 'text/xml; charset=UTF-8',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
-        'headers' =>{
+        'headers' => {
           'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
+        },
+        'vars_get' => {
+          'sap-client'    => datastore['CLIENT'],
+          'sap-language'  => 'EN'
         }
       })
       if res and res.code != 500 and res.code != 200
 
@@ -94,14 +94,18 @@ def exec_command(ip,data)
     print_status("[SAP] #{ip}:#{rport} - sending SOAP SXPG_COMMAND_EXECUTE request")
     begin
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
         'ctype' => 'text/xml; charset=UTF-8',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
-        'headers' =>{
+        'headers' => {
           'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
+        },
+        'vars_get' => {
+          'sap-client'    => datastore['CLIENT'],
+          'sap-language'  => 'EN'
         }
       })
       if res
 
@@ -62,17 +62,20 @@ def run_host(ip)
     print_status("[SAP] #{ip}:#{rport} - sending SOAP RFC_PING request")
     begin
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + client + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + client,
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{client}",
         'data' => data,
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
         'ctype'  => 'text/xml; charset=UTF-8',
-        'headers' =>
-          {
-            'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions'
-          }
-        })
+        'headers' => {
+          'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions'
+        },
+        'vars_get' => {
+          'sap-client'    => client,
+          'sap-language'  => 'EN'
+        }
+      })
       if res and res.code != 500 and res.code != 200
         if res and res.body =~ /<h1>Logon failed<\/h1>/
           print_error("[SAP] #{ip}:#{rport} - login failed!")
 
@@ -83,19 +83,20 @@ def exec(ip,fields)
     print_status("[SAP] #{ip}:#{rport} - sending SOAP RFC_READ_TABLE request")
     begin
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
         'ctype' => 'text/xml; charset=UTF-8',
-        'headers' =>{
+        'headers' => {
           'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
-          #'Cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
-          #'Authorization' => 'Basic ' + user_pass,
-          #'Content-Type' =>
-          }
-        })
+        },
+        'vars_get' => {
+          'sap-client'    => datastore['CLIENT'],
+          'sap-language'  => 'EN'
+        }
+      })
       if res and res.code != 500 and res.code != 200
         # to do - implement error handlers for each status code, 404, 301, etc.
         if res.body =~ /<h1>Logon failed<\/h1>/
 
@@ -70,17 +70,20 @@ def run_host(ip)
     begin
       vprint_status("[SAP] #{ip}:#{rport} - Attempting to create user '#{datastore['ABAP_USER']}' with password '#{datastore['ABAP_PASSWORD']}'")
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
         'ctype' => 'text/xml; charset=UTF-8',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
-        'headers'  =>
-          {
-            'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions'
-          }
-        })
+        'headers'  => {
+          'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions'
+        },
+        'vars_get' => {
+          'sap-client'    => datastore['CLIENT'],
+          'sap-language'  => 'EN'
+        }
+      })
       if res and res.code == 200
         if res.body =~ /<h1>Logon failed<\/h1>/
           vprint_error("[SAP] #{ip}:#{rport} - Logon failed")
 
@@ -73,16 +73,20 @@ def run_host(ip)
     print_status("[SAP] #{ip}:#{rport} - sending SOAP SXPG_COMMAND_EXECUTE request")
     begin
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
         'ctype' => 'text/xml; charset=UTF-8',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
-        'headers' =>{
+        'headers' => {
           'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
-          }
-        })
+        },
+        'vars_get' => {
+          'sap-client'    => datastore['CLIENT'],
+          'sap-language'  => 'EN'
+        }
+      })
       if res and res.code != 500 and res.code != 200
         # to do - implement error handlers for each status code, 404, 301, etc.
         print_error("[SAP] #{ip}:#{rport} - something went wrong!")
 
@@ -73,14 +73,18 @@ def run_host(ip)
     print_status("[SAP] #{ip}:#{rport} - sending SOAP SXPG_COMMAND_EXECUTE request")
     begin
       res = send_request_cgi({
-        'uri' => '/sap/bc/soap/rfc?sap-client=' + datastore['CLIENT'] + '&sap-language=EN',
+        'uri' => '/sap/bc/soap/rfc',
         'method' => 'POST',
         'data' => data,
-        'cookie' => 'sap-usercontext=sap-language=EN&sap-client=' + datastore['CLIENT'],
+        'cookie' => "sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}",
         'ctype' => 'text/xml; charset=UTF-8',
         'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),
         'headers' =>{
           'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',
+        },
+        'vars_get' => {
+          'sap-client'    => datastore['CLIENT'],
+          'sap-language'  => 'EN'
         }
       })
       if res and res.code != 500 and res.code != 200