From 9953821451e522313500241769b202b9d8c549f6 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 3 Feb 2014 12:16:06 -0600 Subject: [PATCH] Fix desc on Drupal module, some peer prints --- modules/auxiliary/gather/drupal_openid_xxe.rb | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/auxiliary/gather/drupal_openid_xxe.rb b/modules/auxiliary/gather/drupal_openid_xxe.rb index 470364421c..0f69e2fca2 100644 --- a/modules/auxiliary/gather/drupal_openid_xxe.rb +++ b/modules/auxiliary/gather/drupal_openid_xxe.rb @@ -17,10 +17,11 @@ class Metasploit3 < Msf::Auxiliary super(update_info(info, 'Name' => 'Drupal OpenID External Entity Injection', 'Description' => %q{ - This module abuses a XML External Entity Injection on the OpenID module - from Drupal. The vulnerability exists on the parsing of a malformed XRDS - file coming from a malicious OpenID endpoint. This module has been tested - successfully in Drupal 7.15 and 7.2 with the OpenID module enabled. + This module abuses an XML External Entity Injection + vulnerability on the OpenID module from Drupal. The vulnerability exists + in the parsing of a malformed XRDS file coming from a malicious OpenID + endpoint. This module has been tested successfully on Drupal 7.15 and + 7.2 with the OpenID module enabled. }, 'License' => MSF_LICENSE, 'Author' => @@ -102,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary res = send_openid_auth(signature) unless res - vprint_status("Connection timed out") + vprint_status("#{peer} - Connection timed out") return Exploit::CheckCode::Unknown end @@ -157,12 +158,12 @@ class Metasploit3 < Msf::Auxiliary def on_request_uri(cli, request) if request.uri =~ /#{@prefix}/ - vprint_status("Signature found, parsing file...") + vprint_status("#{peer} - Signature found, parsing file...") @http_loot = parse_loot(request.uri) return end - print_status("Sending XRDS...") + print_status("#{peer} - Sending XRDS...") send_response_html(cli, xrds_file, { 'Content-Type' => 'application/xrds+xml' }) end