From 7c7f63df45a113b7dbd46968c4f7f79dfb85fcba Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Thu, 30 Aug 2018 15:55:14 -0500
Subject: [PATCH] Fix missing normalize_uri in struts2_rest_xstream

I missed this one previously. May not be necessary but nice to have.
---
 modules/exploits/multi/http/struts2_rest_xstream.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/struts2_rest_xstream.rb b/modules/exploits/multi/http/struts2_rest_xstream.rb
index 893a66fb97..bb86efc922 100644
--- a/modules/exploits/multi/http/struts2_rest_xstream.rb
+++ b/modules/exploits/multi/http/struts2_rest_xstream.rb
@@ -110,7 +110,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     res = send_request_cgi(
       'method' => 'POST',
-      'uri'    => target_uri.path,
+      'uri'    => normalize_uri(target_uri.path),
       'ctype'  => 'application/xml',
       'data'   => xstream_payload(cmd)
     )