Land #5408, @g0tmi1k fixes verbiage and whitespace

2015-05-27 21:02:02 -04:00 · 2015-05-27 21:02:02 -04:00 · 24b4dacec5
parent 2ae9e39719 127d07342e
commit 24b4dacec5
4 changed files with 8 additions and 9 deletions
--- a/lib/msf/core/exploit/http/client.rb
+++ b/lib/msf/core/exploit/http/client.rb
@ -47,7 +47,7 @@ module Exploit::Remote::HttpClient
          Rex::Proto::Http::Client::DefaultUserAgent
          ]),
        OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
-        OptString.new('PASSWORD', [false, 'The HTTP password to specify for  authentication', '']),
+        OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
        OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
        OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
        OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]),
--- a/modules/exploits/multi/http/traq_plugin_exec.rb
+++ b/modules/exploits/multi/http/traq_plugin_exec.rb
@ -17,12 +17,11 @@ class Metasploit3 < Msf::Exploit::Remote
        This module exploits an arbitrary command execution vulnerability in
        Traq 2.0 to 2.3. It's in the admincp/common.php script.

-        This function is called in each script located into /admicp/ directory to
-        make sure the user has admin rights, but this is a broken authorization
-        schema due to the header() function doesn't stop the execution flow. This
-        can be exploited by malicious users to execute admin functionality resulting
-        for  e.g.  in execution of arbitrary PHP code leveraging of plugins.php
-        functionality.
+        This function is called in each script located in the /admicp/ directory to
+        make sure the user has admin rights. This is a broken authorization schema
+        because the header() function doesn't stop the execution flow.
+        This can be exploited by malicious users to execute admin functionality,
+        e.g. execution of arbitrary PHP code leveraging of plugins.php functionality.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
--- a/modules/exploits/windows/http/xampp_webdav_upload_php.rb
+++ b/modules/exploits/windows/http/xampp_webdav_upload_php.rb
@ -35,7 +35,7 @@ class Metasploit3 < Msf::Exploit::Remote
        OptString.new('PATH', [ true,  "The path to attempt to upload", '/webdav/']),
        OptString.new('FILENAME', [ false ,  "The filename to give the payload. (Leave Blank for Random)"]),
        OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', 'wampp']),
-        OptString.new('PASSWORD', [false, 'The HTTP password to specify for  authentication', 'xampp'])
+        OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', 'xampp'])
      ], self.class)
  end

--- a/modules/exploits/windows/iis/iis_webdav_upload_asp.rb
+++ b/modules/exploits/windows/iis/iis_webdav_upload_asp.rb
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote
        # The USERNAME and PASSWORD are registered again to make them more obvious they're
        # configurable.
        OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
-        OptString.new('PASSWORD', [false, 'The HTTP password to specify for  authentication', '']),
+        OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
        OptString.new('PATH', [ true,  "The path to attempt to upload", '/metasploit%RAND%.asp'])
      ], self.class)
  end