From 60ead5de439189db6181d9709e6c2e38e2266128 Mon Sep 17 00:00:00 2001
From: sinn3r <wei_chen@rapid7.com>
Date: Fri, 31 Jan 2014 12:05:58 -0600
Subject: [PATCH] Explain why we flag the vuln as "Appears" instead of
 vulnerable

---
 modules/exploits/multi/http/struts_dev_mode.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/struts_dev_mode.rb b/modules/exploits/multi/http/struts_dev_mode.rb
index ac94989169..6bd7c2854f 100644
--- a/modules/exploits/multi/http/struts_dev_mode.rb
+++ b/modules/exploits/multi/http/struts_dev_mode.rb
@@ -55,6 +55,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def check
+    vprint_status("Testing to see if the target can evaluate our Java code...")
     addend_one = rand_text_numeric(rand(3) + 1).to_i
     addend_two = rand_text_numeric(rand(3) + 1).to_i
     sum = addend_one + addend_two
@@ -66,7 +67,8 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     if res and res.code == 200 and res.body.to_s =~ /#{sum}/
-      vprint_status("#{peer} - Looks like the injection is being evaluated, but there is more data than expected in the response")
+      vprint_status("Code got evaluated. Target seems vulnerable, but the response contains something else:")
+      vprint_line(res.body.to_s)
       return Exploit::CheckCode::Appears
     end