Minor typos and grammar fixes

2014-11-13 14:48:23 -06:00 · 2014-11-13 14:48:23 -06:00 · dd1920edd6
parent 714ce2f3ce
commit dd1920edd6
8 changed files with 13 additions and 13 deletions
--- a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
+++ b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
@ -17,7 +17,7 @@ class Metasploit3 < Msf::Auxiliary
        ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection
        vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate
        privileges and obtain Super Administrator access. A Super Administrator can then
-        use its privileges to dump the whole password database in CSV format. PMP can use
+        use his privileges to dump the whole password database in CSV format. PMP can use
        both MySQL and PostgreSQL databases but this module only exploits the latter as
        MySQL does not support stacked queries with Java. PostgreSQL is the default database
        in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL,
--- a/modules/auxiliary/admin/mssql/mssql_enum_sql_logins.rb
+++ b/modules/auxiliary/admin/mssql/mssql_enum_sql_logins.rb
@ -18,10 +18,10 @@ class Metasploit3 < Msf::Auxiliary
        Selecting all of the logins from the master..syslogins table is restricted to sysadmins.
        However, logins with the PUBLIC role (everyone) can quickly enumerate all SQL Server
        logins using the SUSER_SNAME function by fuzzing the principal_id parameter. This is
-        pretty simple, because the principal ids assigned to logins are incremental.  Once logins
+        pretty simple, because the principal IDs assigned to logins are incremental.  Once logins
        have been enumerated they can be verified via sp_defaultdb error analysis. This is
-        important, because not all of the principal ids resolve to SQL logins.  Some resolve to
-        roles etc. Once logins have been enumerated they can be used in dictionary attacks.
+        important, because not all of the principal IDs resolve to SQL logins (some resolve to
+        roles instead) Once logins have been enumerated, they can be used in dictionary attacks.
      },
      'Author'      => ['nullbind <scott.sutherland[at]netspi.com>'],
      'License'     => MSF_LICENSE,
--- a/modules/auxiliary/admin/mssql/mssql_escalate_execute_as.rb
+++ b/modules/auxiliary/admin/mssql/mssql_escalate_execute_as.rb
@ -15,7 +15,7 @@ class Metasploit3 < Msf::Auxiliary
      'Name'        => 'Microsoft SQL Server - Escalate EXECUTE AS',
      'Description' => %q{
        This module can be used escalate privileges if the IMPERSONATION privilege has been
-        assigned to the user. In most cases this results in additional data access, but in
+        assigned to the user. In most cases, this results in additional data access, but in
        some cases it can be used to gain sysadmin privileges.
      },
      'Author'      => ['nullbind <scott.sutherland[at]netspi.com>'],
--- a/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb
+++ b/modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb
@ -16,7 +16,7 @@ class Metasploit3 < Msf::Auxiliary
      'Name'           => 'Microsoft SQL Server - SQLi Escalate Execute As',
      'Description'    => %q{
        This module can be used escalate privileges if the IMPERSONATION privilege has been
-        assigned to the user via error based SQL injection.  In most cases this results in
+        assigned to the user via error based SQL injection.  In most cases, this results in
        additional data access, but in some cases it can be used to gain sysadmin privileges.
        The syntax for injection URLs is: /testing.asp?id=1+and+1=[SQLi];--
      },
--- a/modules/auxiliary/gather/eventlog_cred_disclosure.rb
+++ b/modules/auxiliary/gather/eventlog_cred_disclosure.rb
@ -19,8 +19,8 @@ class Metasploit3 < Msf::Auxiliary
        allow an unauthenticated user to obtain the superuser password of any managed Windows and
        AS/400 hosts. This module abuses both vulnerabilities to collect all the available
        usernames and passwords. First the agentHandler servlet is abused to get the hostid and
-        slid of each device (CVE-2014-6038); then these numeric id's are used to extract usernames
-        and passwords by abusing the hostdetails servlet (CVE-2014-6039). Note that on version 7
+        slid of each device (CVE-2014-6038); then these numeric IDs are used to extract usernames
+        and passwords by abusing the hostdetails servlet (CVE-2014-6039). Note that on version 7,
        the TARGETURI has to be prepended with /event.
      },
      'Author' =>
--- a/modules/exploits/multi/http/visual_mining_netcharts_upload.rb
+++ b/modules/exploits/multi/http/visual_mining_netcharts_upload.rb
@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote
        First, a lack of input validation in the administration console permits
        arbitrary jsp code upload to locations accessible later through the web
        service. Authentication is typically required, however a 'hidden' user is
-        available by default (and non editable). This user, named 'Scheduler',
+        available by default (and non-editable). This user, named 'Scheduler',
        can only login to the console after any modification in the user
        database (a user is added, admin password is changed etc). If the
        'Scheduler' user isn't available valid credentials must be supplied. The
--- a/modules/exploits/windows/fileformat/ms14_064_packager_python.rb
+++ b/modules/exploits/windows/fileformat/ms14_064_packager_python.rb
@ -20,8 +20,8 @@ class Metasploit3 < Msf::Exploit::Remote
        publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista
        SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.
        However, based on our testing, the most reliable setup is on Windows platforms running
-        Office 2013 and Office 2010 SP2. And please keep in mind that some other setups such as
-        using Office 2010 SP1 might be less stable, and sometimes may end up with a crash due to a
+        Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as
+        those using Office 2010 SP1 may be less stable, and may end up with a crash due to a
        failure in the CPackage::CreateTempFileName function.
      },
      'License'        => MSF_LICENSE,
--- a/modules/exploits/windows/fileformat/ms14_064_packager_run_as_admin.rb
+++ b/modules/exploits/windows/fileformat/ms14_064_packager_run_as_admin.rb
@ -20,8 +20,8 @@ class Metasploit3 < Msf::Exploit::Remote
        The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms
        such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known
        to be vulnerable. However, based on our testing, the most reliable setup is on Windows
-        platforms running Office 2013 and Office 2010 SP2. And please keep in mind that some other
-        setups such as using Office 2010 SP1 might be less stable, and sometimes may end up with a
+        platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other
+        setups such as using Office 2010 SP1 might be less stable, and may end up with a
        crash due to a failure in the CPackage::CreateTempFileName function.
      },
      'License'        => MSF_LICENSE,