Add normalize_uri to modules that may have

been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> rapid7#1045

modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb

@@ -79,8 +79,9 @@ def run_host(ip)
 		print_status("Issuing password change request for: " + datastore['USERNAME'])
 
 		begin
+			uri = normalize_uri(datastore['TARGETURI'])
 			res = send_request_cgi({
-				'uri'     => target_uri.path,
+				'uri'     => uri,
 				'method'  => 'POST',
 				'data'    => data,
 				'headers' =>

modules/auxiliary/admin/http/contentkeeper_fileaccess.rb

@@ -48,7 +48,7 @@ def run_host(ip)
 			res = send_request_raw(
 				{
 					'method'  => 'POST',
-					'uri'     => datastore['URL'] + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
+					'uri'     => normalize_uri(datastore['URL']) + '?-o+' + '/home/httpd/html/' + tmpfile + '+' + datastore['FILE'],
 				}, 25)
 
 			if (res and res.code == 500)

modules/auxiliary/admin/http/iis_auth_bypass.rb

@@ -43,7 +43,7 @@ def initialize(info = {})
 
 
 	def has_auth
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1, 1] != '/'
 
 		res = send_request_cgi({
@@ -56,7 +56,7 @@ def has_auth
 	end
 
 	def try_auth
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1, 1] != '/'
 		uri << Rex::Text.rand_text_alpha(rand(10)+5) + ".#{Rex::Text.rand_text_alpha(3)}"
 

modules/auxiliary/admin/http/intersil_pass_reset.rb

@@ -73,7 +73,7 @@ def run
 		@peer = "#{rhost}:#{rport}"
 		return if check != Exploit::CheckCode::Vulnerable
 
-		uri = target_uri.path
+		uri = normalize_uri(target_uri.path)
 		uri << '/' if uri[-1,1] != '/'
 
 		res = send_request_cgi({

modules/auxiliary/admin/http/jboss_seam_exec.rb

@@ -42,7 +42,7 @@ def initialize(info = {})
 	end
 
 	def run
-		jbr = datastore['JBOSS_ROOT']
+		jbr = normalize_uri(datastore['JBOSS_ROOT'])
 		cmd_enc = ""
 		cmd_enc << Rex::Text.uri_encode(datastore["CMD"])
 

modules/auxiliary/admin/http/scrutinizer_add_user.rb

@@ -45,9 +45,10 @@ def initialize(info = {})
 	end
 
 	def run
+		uri = normalize_uri(target_uri.path)
 		res = send_request_cgi({
 			'method'    => 'POST',
-			'uri'       => target_uri.path,
+			'uri'       => uri,
 			'vars_post' => {
 				'tool'              => 'userprefs',
 				'newUser'           => datastore['USERNAME'],

modules/auxiliary/admin/http/typo3_sa_2009_001.rb

@@ -68,6 +68,7 @@ def run
 	# Null byte fixed in PHP 5.3.4
 	#
 
+    uri = normalize_uri(datastore['URI'])
 	case datastore['RFILE']
 	when nil
 		# Nothing
@@ -100,8 +101,7 @@ def run
 		juhash = Digest::MD5.hexdigest(juarray)
 		juhash = juhash[0..9] # shortMD5 value for use as juhash
 
-		file_uri = "#{datastore['URI']}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
-		file_uri = file_uri.sub("//", "/") # Prevent double // from appearing in uri
+		file_uri = "#{uri}/index.php?jumpurl=#{jumpurl}&juSecure=1&locationData=#{locationData}&juHash=#{juhash}"
 		vprint_status("Checking Encryption Key [#{i}/1000]: #{final}")
 
 		begin

modules/auxiliary/admin/tikiwiki/tikidblib.rb

@@ -52,7 +52,8 @@ def initialize(info = {})
 	def run
 		print_status("Establishing a connection to the target...")
 
-		rpath = datastore['URI'] + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
+        uri = normalize_uri(datastore['URI'])
+		rpath = uri + "/tiki-lastchanges.php?days=1&offset=0&sort_mode="
 
 		res = send_request_raw({
 			'uri'     => rpath,

modules/auxiliary/admin/webmin/file_disclosure.rb

@@ -70,7 +70,8 @@ def initialize(info = {})
 	def run
 		print_status("Attempting to retrieve #{datastore['RPATH']}...")
 
-		uri = Rex::Text.uri_encode(datastore['DIR']) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
+        dir = normalize_uri(datastore['DIR'])
+		uri = Rex::Text.uri_encode(dir) + "/..%01" * 40 + Rex::Text.uri_encode(datastore['RPATH'])
 
 		res = send_request_raw({
 			'uri'            => uri,

modules/auxiliary/dos/http/apache_range_dos.rb

@@ -50,7 +50,7 @@ def initialize(info = {})
 	end
 
 	def run
-		uri = datastore['URI']
+		uri = normalize_uri(datastore['URI'])
 		ranges = ''
 		for i in (0..1299) do
 			ranges += ",5-" + i.to_s

modules/auxiliary/dos/http/hashcollision_dos.rb

@@ -202,7 +202,7 @@ def run
 			print_status("Sending request ##{x}...")
 			opts = {
 				'method'	=> 'POST',
-				'uri'		=> datastore['URL'],
+				'uri'		=> normalize_uri(datastore['URL']),
 				'data'		=> payload
 			}
 			begin

modules/auxiliary/dos/http/sonicwall_ssl_format.rb

@@ -55,7 +55,7 @@ def run
 		fmt = datastore['FORMAT'] + "XX"  # XX is 2 bytes used to mark end of memory garbage for regexp
 		begin
 			res = send_request_raw({
-				'uri' => datastore['URI'] + fmt,
+				'uri' => normalize_uri(datastore['URI']) + fmt,
 			})
 
 			if res and res.code == 200

modules/auxiliary/dos/http/webrick_regex.rb

@@ -44,7 +44,7 @@ def initialize(info = {})
 	def run
 		begin
 			o = {
-				'uri' => datastore['URI'] || '/',
+				'uri' => normalize_uri(datastore['URI']) || '/',
 				'headers' => {
 					'If-None-Match' => %q{foo=""} + %q{bar="baz" } * 100
 				}

modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb

@@ -52,15 +52,16 @@ def initialize(info = {})
 
 
 	def run
-		print_status("Attacking http://#{datastore['VHOST'] || rhost}:#{rport}#{datastore['URI']}")
+		uri = normalize_uri(datastore['URI'])
+		print_status("Attacking http://#{datastore['VHOST'] || rhost}:#{rport}#{uri}")
 
 		begin
 			while(1)
 				begin
 					connect
 					payload = "C=A&" * 40000
 					length = payload.size
-					sploit = "HEAD #{datastore['URI']} HTTP/1.1\r\n"
+					sploit = "HEAD #{uri} HTTP/1.1\r\n"
 					sploit << "Host: #{datastore['VHOST'] || rhost}\r\n"
 					sploit << "Connection:Close\r\n"
 					sploit << "Content-Type: application/x-www-form-urlencoded\r\n"

modules/auxiliary/fuzzers/http/http_form_field.rb

@@ -484,7 +484,7 @@ def run
 		print_status("Grabbing webpage #{datastore['URL']} from #{datastore['RHOST']}")
 		response = send_request_raw(
 		{
-			'uri' => datastore['URL'],
+			'uri' => normalize_uri(datastore['URL']),
 			'version' => '1.1',
 			'method' => 'GET',
 			'headers' => @get_data_headers
@@ -502,7 +502,7 @@ def run
 
 			response = send_request_raw(
 			{
-				'uri' => datastore['URL'],
+				'uri' => normalize_uri(datastore['URL']),
 				'version' => '1.1',
 				'method' => 'GET',
 				'headers' => @get_data_headers

modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb

@@ -47,8 +47,9 @@ def initialize(info = {})
 	def run_host(ip)
 
 		print_status("#{rhost}:#{rport} - Sending request...")
+		uri = normalize_uri(target_uri.path)
 		res = send_request_cgi({
-			'uri'          => "/#{target_uri.to_s}",
+			'uri'          => uri,
 			'method'       => 'GET',
 		})
 

modules/auxiliary/scanner/http/apache_userdir_enum.rb

@@ -60,7 +60,8 @@ def initialize
 	end
 
 	def target_url
-		"http://#{vhost}:#{rport}#{datastore['URI']}"
+		uri = normalize_uri(datastore['URI'])
+		"http://#{vhost}:#{rport}#{uri}"
 	end
 
 	def run_host(ip)
@@ -88,7 +89,8 @@ def run_host(ip)
 	def do_login(user)
 
 		vprint_status("#{target_url}~#{user} - Trying UserDir: '#{user}'")
-		payload = "#{datastore['URI']}~#{user}/"
+		uri = normalize_uri(datastore['URI'])
+		payload = "#{uri}~#{user}/"
 		begin
 			res = send_request_cgi(
 				{

modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb

@@ -58,8 +58,9 @@ def rport
 	end
 
 	def run_host(ip)
+		uri = normalize_uri(target_uri.path)
 		res = send_request_cgi({
-			'uri'     => target_uri.to_s,
+			'uri'     => uri,
 			'method'  => 'GET'})
 
 		if not res
@@ -71,6 +72,7 @@ def run_host(ip)
 	end
 
 	def accessfile(rhost)
+		uri = normalize_uri(target_uri.path)
 		print_status("#{rhost}:#{rport} Connecting to Crowd SOAP Interface")
 
 		soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
@@ -122,7 +124,7 @@ def accessfile(rhost)
 		data << '</soap:attributes>' + "\r\n"
 
 		res = send_request_cgi({
-				'uri'      => target_uri.to_s,
+				'uri'      => uri,
 				'method'   => 'POST',
 				'ctype'    => 'text/xml; charset=UTF-8',
 				'data'     => data,

modules/auxiliary/scanner/http/axis_local_file_include.rb

@@ -47,11 +47,12 @@ def initialize
 	end
 
 	def target_url
-		"http://#{vhost}:#{rport}#{datastore['URI']}"
+		uri = normalize_uri(datastore['URI'])
+		"http://#{vhost}:#{rport}#{uri}"
 	end
 
 	def run_host(ip)
-		uri = datastore['URI']
+		uri = normalize_uri(datastore['URI'])
 
 		begin
 			res = send_request_raw({
@@ -62,11 +63,11 @@ def run_host(ip)
 			if (res and res.code == 200)
 				extract_uri = res.body.to_s.match(/\/axis2\/services\/([^\s]+)\?/)
 				new_uri = "/axis2/services/#{$1}"
-
+				new_uri = normalize_uri(new_uri)
 				get_credentials(new_uri)
 
 			else
-				print_status("#{target_url} - Apache Axis - The remote page not accessible")
+				print_status("#{uri} - Apache Axis - The remote page not accessible")
 				return
 
 			end
@@ -86,7 +87,7 @@ def get_credentials(uri)
 				'uri'     => "#{uri}" + lfi_payload,
 			}, 25)
 
-			print_status("#{target_url} - Apache Axis - Dumping administrative credentials")
+			print_status("#{uri} - Apache Axis - Dumping administrative credentials")
 
 			if (res and res.code == 200)
 				if res.body.to_s.match(/axisconfig/)

modules/auxiliary/scanner/http/backup_file.rb

@@ -53,7 +53,7 @@ def run_host(ip)
 		]
 
 		bakextensions.each do |ext|
-			file = datastore['PATH']+ext
+			file = normalize_uri(datastore['PATH'])+ext
 			check_for_file(file)
 		end
 		if datastore['PATH'] =~ %r#(.*)(/.+$)#

modules/auxiliary/scanner/http/barracuda_directory_traversal.rb

@@ -51,11 +51,12 @@ def initialize
 	end
 
 	def target_url
-		"http://#{vhost}:#{rport}#{datastore['URI']}"
+		uri = normalize_uri(datastore['URI']
+		"http://#{vhost}:#{rport}#{uri}"
 	end
 
 	def run_host(ip)
-		uri = datastore['URI']
+		uri = normalize_uri(datastore['URI'])
 		file = datastore['FILE']
 		payload = "?locale=/../../../../../../..#{file}%00"
 

modules/auxiliary/scanner/http/bitweaver_overlay_type_traversal.rb

@@ -49,7 +49,7 @@ def initialize(info = {})
 
 
 	def run_host(ip)
-		base = target_uri.path
+		base = normalize_uri(target_uri.path)
 		base << '/' if base[-1,1] != '/'
 
 		peer = "#{ip}:#{rport}"

modules/auxiliary/scanner/http/blind_sql_query.rb

@@ -141,7 +141,7 @@ def run_host(ip)
 		#SEND NORMAL REQUEST
 			begin
 				normalres = send_request_cgi({
-					'uri'  		=> datastore['PATH'],
+					'uri'  		=> normalize_uri(datastore['PATH']),
 					'vars_get' 	=> gvars,
 					'method'   	=> http_method,
 					'ctype'		=> 'application/x-www-form-urlencoded',
@@ -189,7 +189,7 @@ def run_host(ip)
 
 					begin
 						trueres = send_request_cgi({
-							'uri'  		=>  datastore['PATH'],
+							'uri'  		=>  normalize_uri(datastore['PATH']),
 							'vars_get' 	=>  testgvars,
 							'method'   	=>  http_method,
 							'ctype'		=> 'application/x-www-form-urlencoded',
@@ -206,7 +206,7 @@ def run_host(ip)
 
 					begin
 						falseres = send_request_cgi({
-							'uri'  		=>  datastore['PATH'],
+							'uri'  		=>  normalize_uri(datastore['PATH']),
 							'vars_get' 	=>  testgvars,
 							'method'   	=>  http_method,
 							'ctype'		=> 'application/x-www-form-urlencoded',
@@ -236,7 +236,7 @@ def run_host(ip)
 							:port	=> rport,
 							:vhost  => vhost,
 							:ssl    => ssl,
-							:path	=> datastore['PATH'],
+							:path	=> normalize_uri(datastore['PATH']),
 							:method => http_method,
 							:pname  => key,
 							:proof  => "blind sql inj.",
@@ -272,7 +272,7 @@ def run_host(ip)
 
 					begin
 						trueres = send_request_cgi({
-							'uri'  		=>  datastore['PATH'],
+							'uri'  		=>  normalize_uri(datastore['PATH']),
 							'vars_get' 	=>  gvars,
 							'method'   	=>  http_method,
 							'ctype'		=> 'application/x-www-form-urlencoded',
@@ -297,7 +297,7 @@ def run_host(ip)
 
 					begin
 						falseres = send_request_cgi({
-							'uri'  		=>  datastore['PATH'],
+							'uri'  		=>  normalize_uri(datastore['PATH']),
 							'vars_get' 	=>  gvars,
 							'method'   	=>  http_method,
 							'ctype'		=> 'application/x-www-form-urlencoded',

modules/auxiliary/scanner/http/brute_dirs.rb

@@ -59,7 +59,7 @@ def run_host(ip)
 
 		conn = false
 
-		tpath = datastore['PATH']
+		tpath = normalize_uri(datastore['PATH'])
 		if tpath[-1,1] != '/'
 			tpath += '/'
 		end

modules/auxiliary/scanner/http/clansphere_traversal.rb

@@ -45,7 +45,7 @@ def initialize(info = {})
 
 
 	def run_host(ip)
-		base = target_uri.path
+		base = normalize_uri(target_uri.path)
 		base << '/' if base[-1,1] != '/'
 
 		peer = "#{ip}:#{rport}"

modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb

@@ -57,7 +57,7 @@ def initialize
 
 	def run_host(ip)
 
-		url = datastore['URL']
+		url = normalize_uri(datastore['URL'])
 		locale = "?locale="
 		trav = datastore['PATH']