From cbdb3a35b2ceafa35d9c7daec2979c0a28444d1b Mon Sep 17 00:00:00 2001
From: Daniel Teixeira <DanielRTeixeira@users.noreply.github.com>
Date: Fri, 6 Apr 2018 14:14:11 +0100
Subject: [PATCH] Update oscommerce_installer_unauth_code_exec.rb

---
 .../multi/http/oscommerce_installer_unauth_code_exec.rb    | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb b/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb
index bd3cdb950a..c1aeaa790e 100644
--- a/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb
+++ b/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb
@@ -51,7 +51,12 @@ class MetasploitModule < Msf::Exploit::Remote
       'method' => 'GET'
     })
 
-    if res and res.code == 200 and res.body.include?('Welcome to osCommerce Online Merchant v2.3.4!')
+    ins = send_request_cgi({
+      'uri'     => normalize_uri(datastore['URI'], 'install.php'),
+      'method' => 'GET'
+    })
+
+    if ins && ins.code == 200 && res && res.code == 200 && res.body.include?('Welcome to osCommerce Online Merchant')
       return CheckCode::Vulnerable
     end