From 36adf86184ab93783555771f7b70962673cf2b54 Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Mon, 7 Jan 2013 12:02:08 -0600
Subject: [PATCH] Various and sundry fixes for normalize_uri
---
 .../scanner/http/axis_local_file_include.rb | 4 ++--
 .../exploits/multi/http/sit_file_upload.rb | 24 +++++++++++++++----
 .../exploits/multi/http/struts_code_exec.rb | 4 ++--
 3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/modules/auxiliary/scanner/http/axis_local_file_include.rb b/modules/auxiliary/scanner/http/axis_local_file_include.rb
index b78e6c3ff1..70969789c2 100644
--- a/modules/auxiliary/scanner/http/axis_local_file_include.rb
+++ b/modules/auxiliary/scanner/http/axis_local_file_include.rb
@@ -62,7 +62,7 @@ class Metasploit3 < Msf::Auxiliary
 get_credentials(new_uri)
 else
- print_status("#{uri} - Apache Axis - The remote page not accessible")
+ print_status("#{target_url} - Apache Axis - The remote page not accessible")
 return
 end
@@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
 'uri' => "#{uri}" + lfi_payload,
 }, 25)
- print_status("#{uri} - Apache Axis - Dumping administrative credentials")
+ print_status("#{target_url} - Apache Axis - Dumping administrative credentials")
 if (res and res.code == 200)
 if res.body.to_s.match(/axisconfig/)
diff --git a/modules/exploits/multi/http/sit_file_upload.rb b/modules/exploits/multi/http/sit_file_upload.rb
index 098ce1de55..830202444b 100644
--- a/modules/exploits/multi/http/sit_file_upload.rb
+++ b/modules/exploits/multi/http/sit_file_upload.rb
@@ -65,7 +65,11 @@ class Metasploit3 < Msf::Exploit::Remote
 def check
 uri = normalize_uri(datastore['URI'])
- uri << '/' if uri[-1,1] != '/'
+ if uri[-1,1] != '/'
+ uri = uri + "index.php"
+ else
+ uri = uri + "/index.php"
+ end
 res = send_request_raw({
 'uri' => uri
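Review bot: In `check` (sit_file_upload.rb, hunk at -65) the new test is `uri[-1,1] != '/'`, the opposite of the `== "/"` used in the retrieve_session, upload_page and payload-call hunks, so its two branches are swapped. A base path without a trailing slash gets `index.php` appended with no separator, and a base path that already ends in a slash gets `//index.php`. The condition should read `if uri[-1,1] == '/'`, matching the other three hunks. The body of `check` continues outside the hunk, so how the response is interpreted for the malformed path cannot be judged from here.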
@@ -88,7 +92,11 @@ class Metasploit3 < Msf::Exploit::Remote
 def retrieve_session(user, pass)
 uri = normalize_uri(datastore['URI'])
- uri << '/' if uri[-1,1] != '/'
+ if uri[-1,1] == "/"
+ uri = uri + "login.php"
+ else
+ uri = uri + "/login.php"
+ end
 res = send_request_cgi({
 'uri' => uri,
@@ -114,7 +122,11 @@ class Metasploit3 < Msf::Exploit::Remote
 def upload_page(session, newpage, contents)
 uri = normalize_uri(datastore['URI'])
- uri << '/' if uri[-1,1] != '/'
+ if uri[-1,1] == "/"
+ uri = uri + "ftp_upload_file.php"
+ else
+ uri = uri + "/ftp_upload_file.php"
+ end
 boundary = rand_text_alphanumeric(6)
@@ -176,7 +188,11 @@ class Metasploit3 < Msf::Exploit::Remote
 print_status("Calling payload: #{cmdpath}")
 uri = normalize_uri(datastore['URI'])
- uri << '/' if uri[-1,1] != '/'
+ if uri[-1,1] == "/"
+ uri = uri + cmdpath
+ else
+ uri = uri + "/#{cmdpath}"
+ end
 send_request_raw({
 'uri' => uri
diff --git a/modules/exploits/multi/http/struts_code_exec.rb b/modules/exploits/multi/http/struts_code_exec.rb
index 623aa910ac..1c4bfc9e07 100644
--- a/modules/exploits/multi/http/struts_code_exec.rb
+++ b/modules/exploits/multi/http/struts_code_exec.rb
@@ -66,8 +66,8 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def execute_command(cmd, opts = {})
- uri =normalize_uri(datastore['URI'])
- uri = Rex::Text::uri_encode(uri)
+ uri = normalize_uri(datastore['URI'])
+ uri = Rex::Text::uri_encode(uri)
 var_a = rand_text_alpha_lower(4)
 var_b = rand_text_alpha_lower(2)
 var_c = rand_text_alpha_lower(4)
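Review bot: The five-line trailing-slash test is written out separately in retrieve_session, upload_page and the payload call in sit_file_upload.rb, and a fourth copy in `check` carries the opposite condition, which is the kind of drift hand-copied branches invite. Each copy can be a single expression with the same result for both inputs, for example `uri = normalize_uri(datastore['URI']).chomp('/') + '/login.php'`, and likewise with `'/ftp_upload_file.php'` and `"/#{cmdpath}"`. Using one form at all four sites leaves no branch to get backwards. All three method bodies continue outside their hunks.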