From e66fd8f5aec3372de3ba7cff9502df80b445a7cc Mon Sep 17 00:00:00 2001
From: Pflegusch
Date: Thu, 9 Mar 2023 17:03:48 +0100
Subject: [PATCH] Use rand_text_alphanumeric function
---
 modules/exploits/multi/http/open_web_analytics_rce.rb | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/modules/exploits/multi/http/open_web_analytics_rce.rb b/modules/exploits/multi/http/open_web_analytics_rce.rb
index c3824541f3..8887101f0a 100644
--- a/modules/exploits/multi/http/open_web_analytics_rce.rb
+++ b/modules/exploits/multi/http/open_web_analytics_rce.rb
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Exploit::Remote
 'keep_cookies' => true,
 'vars_post' => {
 'owa_user_id' => username,
- 'owa_password' => get_random_string(8),
+ 'owa_password' => rand_text_alphanumeric(8),
 'owa_action' => 'base.login'
 }
 )
@@ -179,7 +179,7 @@ class MetasploitModule < Msf::Exploit::Remote
 'uri' => normalize_uri(target_uri.path, '/index.php?owa_do=base.optionsGeneral')
 )
- shell_filename = "#{get_random_string(8)}.php"
+ shell_filename = "#{rand_text_alphanumeric(8)}.php"
 shell_url = "#{base_url}owa-data/caches/#{shell_filename}"
 nonce = get_update_nonce(res)
@@ -250,11 +250,6 @@ class MetasploitModule < Msf::Exploit::Remote
 url
 end
- def get_random_string(length)
- chars = ('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a
- length.times.map { chars.sample }.join
- end
-
 def get_cache_content(cache_raw)
 regex_cache_base64 = /\*(\w*)/
 regex_result = cache_raw.match(regex_cache_base64)
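Review bot: The `'owa_password' => rand_text_alphanumeric(8)` entry in the first hunk sends a throwaway value where a reader would expect a credential, and nothing visible explains why. If the request is not meant to authenticate (inferred, since no password option is read here), a one-line comment above the hash would make that explicit, for example `# throwaway password: this login is not expected to succeed`. The enclosing method starts and ends outside the hunk, so an existing comment further up may already cover this.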
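Review bot: In the second hunk, `shell_filename` is now the only record of the `.php` file placed under `owa-data/caches/`, and the visible lines neither log the name nor register it for removal. The method continues outside the hunk, so this may already be handled. If it is not, report the path with `print_status("Wrote #{shell_url}")` and, where the module includes the FileDropper mixin, call `register_file_for_cleanup(shell_filename)`. That way an authorised test leaves a documented artifact that the tester or the system owner can find and remove. The module documentation could also state the location and the 8-character alphanumeric naming pattern, so defenders know what to look for in that directory.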