From 755d2d3261ee2f4c2d4b2bdf45fc8e6d8eabe45f Mon Sep 17 00:00:00 2001 From: William Vu Date: Tue, 30 Jun 2020 11:17:26 -0500 Subject: [PATCH] Use subpar regex validation on LEAK_FILE --- .../exploits/linux/http/cisco_ucs_cloupia_script_rce.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/exploits/linux/http/cisco_ucs_cloupia_script_rce.rb b/modules/exploits/linux/http/cisco_ucs_cloupia_script_rce.rb index 8878bbd160..a5651e3b5e 100644 --- a/modules/exploits/linux/http/cisco_ucs_cloupia_script_rce.rb +++ b/modules/exploits/linux/http/cisco_ucs_cloupia_script_rce.rb @@ -91,7 +91,9 @@ class MetasploitModule < Msf::Exploit::Remote [ true, 'Leak API key from this file (absolute path)', - '/opt/infra/idaccessmgr/logfile.txt' + '/opt/infra/idaccessmgr/logfile.txt', + nil, # enums + %r{^/.+$} # LEAK_FILE must be an absolute path ] ) ]) @@ -118,10 +120,6 @@ class MetasploitModule < Msf::Exploit::Remote end def exploit - unless datastore['LEAK_FILE'].start_with?('/') - fail_with(Failure::BadConfig, 'LEAK_FILE is not an absolute path') - end - # Randomly named file is never written to the exports directory create_exports_dir( '/opt/infra/web_cloudmgr/apache-tomcat/webapps/app/cloudmgr/exports',
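Review bot: The new LEAK_FILE pattern `%r{^/.+$}` uses Ruby's per-line anchors, so it only requires that some line of the value start with `/`; a value containing an embedded newline whose first line is relative would still pass. Anchoring to the whole string, `%r{\A/.+\z} # LEAK_FILE must be an absolute path`, matches the intent stated in the comment and also rejects multi-line values, because `.` does not match a newline. Unlike the `start_with?('/')` guard removed in the second hunk, the pattern also rejects a bare `/`, which is presumably acceptable for a file path but worth confirming. How the framework applies the option regex is not visible here, and the option array and enclosing class begin outside the hunk.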