Fix issues: double encoding bug, nessus scanner logging, remove dead cgi option

lib/metasploit/framework/login_scanner/axis2.rb

@@ -30,14 +30,14 @@ module Metasploit
 
           begin
             # Refactor to access Metasploit::Framework::LoginScanner::HTTP#send_request()
-            # to send request to the HTTP server and obtain a response      
+            # to send request to the HTTP server and obtain a response
             response = send_request({
               'uri' => uri,
               'method' => 'POST',
               'vars_post' =>
                {
-                 'userName' => Rex::Text.uri_encode(credential.public),
-                 'password' => Rex::Text.uri_encode(credential.private),
+                 'userName' => credential.public,
+                 'password' => credential.private,
                  'submit' => '+Login+'
                }
             })

lib/metasploit/framework/login_scanner/chef_webui.rb

@@ -47,8 +47,7 @@ module Metasploit
         def check_setup
           begin
             res = send_request({
-              'uri' => normalize_uri('/users/login'),
-              'cgi' => false
+              'uri' => normalize_uri('/users/login')
             })
             return "Connection failed" if res.nil?
 
@@ -71,7 +70,7 @@ module Metasploit
         #
         # @param (see Rex::Proto::Http::Resquest#request_raw)
         # @return [Rex::Proto::Http::Response] The HTTP response
-        def send_request(opts) 
+        def send_request(opts)
           res = super(opts)
 
           # Save the session ID cookie
@@ -102,8 +101,7 @@ module Metasploit
             'headers' => {
               'Content-Type'   => 'application/x-www-form-urlencoded',
               'Cookie'         => "#{self.session_name}=#{self.session_id}"
-            },
-            'cgi' => false
+            }
           }
 
           send_request(opts)
@@ -120,8 +118,7 @@ module Metasploit
 
           # Obtain a CSRF token first
           res = send_request({
-            'uri' => normalize_uri('/users/login'),
-            'cgi' => false  
+            'uri' => normalize_uri('/users/login')
           })
           unless (res && res.code == 200 && res.body =~ /input name="authenticity_token" type="hidden" value="([^"]+)"/m)
             return {:status => Metasploit::Model::Login::Status::UNTRIED, :proof => res.body}
@@ -136,8 +133,7 @@ module Metasploit
               'method'  => 'GET',
               'headers' => {
                 'Cookie'  => "#{self.session_name}=#{self.session_id}"
-              },
-              'cgi' => false
+              }
             }
             res = send_request(opts)
             if (res && res.code == 200 && res.body.to_s =~ /New password for the User/)

lib/metasploit/framework/login_scanner/glassfish.rb

@@ -32,7 +32,6 @@ module Metasploit
           begin
             res = send_request({
               'uri' => '/common/index.jsf',
-              'cgi' => false
             })
             return "Connection failed" if res.nil?
             if !([200, 302].include?(res.code))

lib/metasploit/framework/login_scanner/ipboard.rb

@@ -16,7 +16,7 @@ module Metasploit
         attr_accessor :http_password
 
         # (see Base#attempt_login)
-        def attempt_login(credential) 
+        def attempt_login(credential)
           result_opts = {
               credential: credential,
               host: host,

lib/metasploit/framework/login_scanner/mybook_live.rb

@@ -33,13 +33,12 @@ module Metasploit
             result_opts[:service_name] = 'http'
           end
           begin
-            cred = Rex::Text.uri_encode(credential.private) 
             res = send_request({
               'method' => method,
               'uri' => uri,
               'vars_post' => {
                 'data[Login][owner_name]' => 'admin',
-                'data[Login][owner_passwd]' => cred
+                'data[Login][owner_passwd]' => credential.private
               }
             })
 

lib/metasploit/framework/login_scanner/zabbix.rb

@@ -42,8 +42,7 @@ module Metasploit
         def check_setup
           begin
             res = send_request({
-              'uri' => normalize_uri('/'),
-              'cgi' => false
+              'uri' => normalize_uri('/')
             })
             return "Connection failed" if res.nil?
 
@@ -100,8 +99,7 @@ module Metasploit
             'data'    => data,
             'headers' => {
               'Content-Type'   => 'application/x-www-form-urlencoded'
-            },
-            'cgi' => false
+            }
           }
 
           send_request(opts)
@@ -114,8 +112,7 @@ module Metasploit
             'method'  => 'GET',
             'headers' => {
               'Cookie'  => "#{self.zsession}"
-            },
-            'cgi' => false
+            }
           }
           send_request(opts)
         end

modules/auxiliary/scanner/nessus/nessus_rest_login.rb

@@ -43,6 +43,7 @@ class MetasploitModule < Msf::Auxiliary
     )
 
     @scanner = Metasploit::Framework::LoginScanner::Nessus.new(
+      configure_http_login_scanner(
         host: ip,
         port: datastore['RPORT'],
         uri: datastore['TARGETURI'],
@@ -51,6 +52,7 @@ class MetasploitModule < Msf::Auxiliary
         stop_on_success:    datastore['STOP_ON_SUCCESS'],
         bruteforce_speed:   datastore['BRUTEFORCE_SPEED'],
         connection_timeout: 5
+      )
     )
     @scanner.ssl         = datastore['SSL']
     @scanner.ssl_version = datastore['SSLVERSION']