From 9953821451e522313500241769b202b9d8c549f6 Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Mon, 3 Feb 2014 12:16:06 -0600
Subject: [PATCH 1/3] Fix desc on Drupal module, some peer prints
---
 modules/auxiliary/gather/drupal_openid_xxe.rb | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/modules/auxiliary/gather/drupal_openid_xxe.rb b/modules/auxiliary/gather/drupal_openid_xxe.rb
index 470364421c..0f69e2fca2 100644
--- a/modules/auxiliary/gather/drupal_openid_xxe.rb
+++ b/modules/auxiliary/gather/drupal_openid_xxe.rb
@@ -17,10 +17,11 @@ class Metasploit3 < Msf::Auxiliary
 super(update_info(info,
 'Name' => 'Drupal OpenID External Entity Injection',
 'Description' => %q{
- This module abuses a XML External Entity Injection on the OpenID module
- from Drupal. The vulnerability exists on the parsing of a malformed XRDS
- file coming from a malicious OpenID endpoint. This module has been tested
- successfully in Drupal 7.15 and 7.2 with the OpenID module enabled.
+ This module abuses an XML External Entity Injection
+ vulnerability on the OpenID module from Drupal. The vulnerability exists
+ in the parsing of a malformed XRDS file coming from a malicious OpenID
+ endpoint. This module has been tested successfully on Drupal 7.15 and
+ 7.2 with the OpenID module enabled.
 },
 'License' => MSF_LICENSE,
 'Author' =>
@@ -102,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
 res = send_openid_auth(signature)
 unless res
- vprint_status("Connection timed out")
+ vprint_status("#{peer} - Connection timed out")
 return Exploit::CheckCode::Unknown
 end
@@ -157,12 +158,12 @@ class Metasploit3 < Msf::Auxiliary
 def on_request_uri(cli, request)
 if request.uri =~ /#{@prefix}/
- vprint_status("Signature found, parsing file...")
+ vprint_status("#{peer} - Signature found, parsing file...")
 @http_loot = parse_loot(request.uri)
 return
 end
- print_status("Sending XRDS...")
+ print_status("#{peer} - Sending XRDS...")
 send_response_html(cli, xrds_file, { 'Content-Type' => 'application/xrds+xml' })
 end
From d34020115ae3567d38c2bc99862227afceb499d4 Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Mon, 3 Feb 2014 13:13:57 -0600
Subject: [PATCH 2/3] Fix up on apache descs and print_* methods
---
 modules/exploits/multi/http/struts_dev_mode.rb | 4 ++--
 modules/exploits/multi/http/tomcat_mgr_upload.rb | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/modules/exploits/multi/http/struts_dev_mode.rb b/modules/exploits/multi/http/struts_dev_mode.rb
index 6bd7c2854f..cab5218aa2 100644
--- a/modules/exploits/multi/http/struts_dev_mode.rb
+++ b/modules/exploits/multi/http/struts_dev_mode.rb
@@ -13,13 +13,13 @@ class Metasploit3 < Msf::Exploit::Remote
 def initialize(info = {})
 super(update_info(info,
- 'Name' => 'Apache Struts Developer Mode OGNL Execution',
+ 'Name' => 'Apache Struts 2 Developer Mode OGNL Execution',
 'Description' => %q{
 This module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java
- code. This module has been tested successfully in Struts 2.3.16, Tomcat
+ code. This module has been tested successfully on Struts 2.3.16, Tomcat
 7 and Ubuntu 10.04.
 },
 'Author' =>
diff --git a/modules/exploits/multi/http/tomcat_mgr_upload.rb b/modules/exploits/multi/http/tomcat_mgr_upload.rb
index 700f280cbb..5d24ce3b54 100644
--- a/modules/exploits/multi/http/tomcat_mgr_upload.rb
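Review bot: In `on_request_uri` of drupal_openid_xxe.rb (hunk `@@ -157,12 +158,12 @@`), the new `#{peer}` prefix presumably resolves to the configured target rather than the host that actually connected to the handler, so a request arriving from any other source would be logged as if it came from the target. The connecting client is available in this callback as `cli`, so `print_status("#{cli.peerhost}:#{cli.peerport} - Sending XRDS...")` (and the same for the `vprint_status` line) would keep the log attributable. Separately, the unchanged guard `request.uri =~ /#{@prefix}/` interpolates `@prefix` unescaped and unanchored; if that value can ever contain regex metacharacters, `Regexp.escape(@prefix)` would be the safer form, though how `@prefix` is built is outside the hunk.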
+++ b/modules/exploits/multi/http/tomcat_mgr_upload.rb
@@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote
 def initialize(info = {})
 super(update_info(info,
- 'Name' => 'Apache Tomcat Manager Application Upload Authenticated Code Execution',
+ 'Name' => 'Apache Tomcat Manager Authenticated Upload Code Execution',
 'Description' => %q{
 This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive
@@ -198,7 +198,7 @@ class Metasploit3 < Msf::Exploit::Remote
 res = send_request_raw('uri' => path)
 unless res and res.code == 200
- vprint_error("Failed: Error requesting #{path}")
+ vprint_error("#{peer} - Failed: Error requesting #{path}")
 return nil
 end
@@ -372,7 +372,7 @@ class Metasploit3 < Msf::Exploit::Remote
 if res.code < 200 or res.code >= 300
 vprint_warning("Warning: The web site asked for authentication: #{res.headers['WWW-Authenticate'] || res.headers['Authentication']}") if res.code == 401
- vprint_error("Upload failed on #{upload_path} [#{res.code} #{res.message}]")
+ vprint_error("#{peer} - Upload failed on #{upload_path} [#{res.code} #{res.message}]")
 return false
 end
@@ -423,4 +423,4 @@ class Metasploit3 < Msf::Exploit::Remote
 return true
 end
-end
\ No newline at end of file
+end
From 7e2a9a70723ef51487f168578450d31b068012db Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Mon, 3 Feb 2014 13:18:34 -0600
Subject: [PATCH 3/3] More desc fixes, add a vprint to give a hint
---
 modules/exploits/unix/webapp/simple_e_document_upload_exec.rb | 2 +-
 modules/exploits/unix/webapp/skybluecanvas_exec.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb b/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb
index 59a13ca1d0..d6dc1e45b6 100644
--- a/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb
+++ b/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb
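Review bot: In tomcat_mgr_upload.rb (hunk `@@ -372,7 +372,7 @@`), the `vprint_warning` one line above the changed `vprint_error` is left without the `#{peer} - ` prefix, so the two messages printed for the same failed upload are formatted differently. That warning also echoes the server-supplied `WWW-Authenticate` / `Authentication` header verbatim into the console, and a hostile or misbehaving server controls that string; rendering it with `.inspect` keeps control characters out of the operator's terminal and logs. Suggested line: `vprint_warning("#{peer} - Warning: The web site asked for authentication: #{(res.headers['WWW-Authenticate'] || res.headers['Authentication']).inspect}") if res.code == 401`. The enclosing method begins and ends outside the hunk, so whether `res` is nil-checked before `res.code` cannot be confirmed from here.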
@@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
 data.add_part(php, 'application/octet-stream', nil, "form-data; name=\"fileupload\"; filename=\"#{@fname}\"")
 post_data = data.to_s.gsub(/^\r\n--_Part_/, '--_Part_')
- print_status("#{peer} - Uploading malicious file...")
+ print_status("#{peer} - Uploading PHP payload...")
 res = send_request_cgi({
 'method' => 'POST',
 'uri' => normalize_uri(target_uri.path, 'upload.php'),
diff --git a/modules/exploits/unix/webapp/skybluecanvas_exec.rb b/modules/exploits/unix/webapp/skybluecanvas_exec.rb
index 6a9f3d4db2..d6c3324dc1 100644
--- a/modules/exploits/unix/webapp/skybluecanvas_exec.rb
+++ b/modules/exploits/unix/webapp/skybluecanvas_exec.rb
@@ -76,6 +76,8 @@ class Metasploit3 < Msf::Exploit::Remote
 def exploit
 uri = normalize_uri(target_uri.path.to_s, "index.php")
+ vprint_status("#{peer} - Sending request to #{uri}.")
+
 send_request_cgi({
 'method' => 'POST',
 'uri' => uri,
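Review bot: In skybluecanvas_exec.rb (hunk `@@ -76,6 +76,8 @@`), the new hint announces the request, but the `send_request_cgi({` call that follows is a bare statement in the visible lines, so its return value appears to be discarded and a timeout or error status is never reported even in verbose mode. If the rest of the call (which runs past the end of the hunk) does not already capture it, assigning the result with `res = send_request_cgi({` and following the call with `vprint_error("#{peer} - No response from #{uri}") unless res` would let the operator tell "request sent" from "request answered". The trailing period in the new message also differs from the other `#{peer} - ...` messages in this patch series, which end in `...` or have no terminator.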