From 3f348150c6807c99255440f42124a58d75c58fc2 Mon Sep 17 00:00:00 2001 From: reanar Date: Sun, 30 Apr 2017 16:38:39 +0200 Subject: [PATCH] Modification of description --- .../auxiliary/dos/http/wordpress_directory_traversal_dos.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/dos/http/wordpress_directory_traversal_dos.rb b/modules/auxiliary/dos/http/wordpress_directory_traversal_dos.rb index ec42291087..951d08faa2 100644 --- a/modules/auxiliary/dos/http/wordpress_directory_traversal_dos.rb +++ b/modules/auxiliary/dos/http/wordpress_directory_traversal_dos.rb @@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary super(update_info( info, 'Name' => 'WordPress Traversal Directory DoS', - 'Description' => %q{Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.}, + 'Description' => %q{Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.}, 'License' => MSF_LICENSE, 'Author' => [ @@ -25,7 +25,7 @@ class MetasploitModule < Msf::Auxiliary ['CVE', '2016-6897'], ['EDB', '40288'], ['OVEID', 'OVE-20160712-0036'], - ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2016-6896'] + ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2016-6897'] ], ))