Update description

2013-04-24 17:34:25 -05:00 · 2013-04-24 17:34:25 -05:00 · b816dd569c
parent 573e880a62
commit b816dd569c
1 changed files with 6 additions and 4 deletions
--- a/modules/exploits/unix/webapp/php_wordpress_total_cache.rb
+++ b/modules/exploits/unix/webapp/php_wordpress_total_cache.rb
@ -19,10 +19,12 @@ class Metasploit3 < Msf::Exploit::Remote
 					This module exploits a PHP Code Injection vulnerability on the W3 Total Cache
 				wordpress plugin up to and including 0.9.2.8 version. The exploit is due to the
 				handle of some special macros, such as mfunc, which allow to inject arbitrary PHP
-				code. A valid post id where publish the malicious comment must be provided. Also
-				credentials if anonymous comments are allowed. Finally, comments shouldn't be
-				moderated in order finish the exploitation successfully. This module has been tested
-				against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.
+				code. A valid post id where publish the malicious comment is needed. The user can
+				provide it with the POSTID option, otherwise a valid one will try to be brute
+				forced. Also, if anonymous comments aren't allowed, valid credentials must be
+				provided. Finally, comments shouldn't be moderated in order finish the exploitation
+				successfully. This module has been tested against Wordpress 3.5 and W3 Total Cache
+				0.9.2.3 on a Ubuntu 10.04 system.
 			},
 			'Author'	=>
 				[