diff --git a/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb b/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb index 76a6f39bff..0ef6b962e0 100644 --- a/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb +++ b/modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb @@ -13,18 +13,18 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload', + 'Name' => 'Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload', 'Description' => %q{ The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8 is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme - functionality to upload a zip file containing the payload. The plugin used the + functionality to upload a zip file containing the payload. The plugin uses the admin_init hook, which is also executed for unauthenticated users when accessing - a specific URL. The developers tried to fix the vulnerablility - in version 2.6.7 but the fix can be bypassed. In PHPs default configuration, + a specific URL. The first fix for this vulnerability appeared in version 2.6.7, + but the fix can be bypassed. In PHP's default configuration, a POST variable overwrites a GET variable in the $_REQUEST array. The plugin uses $_REQUEST to check for access rights. By setting the POST parameter to something not beginning with 'wysija_', the check is bypassed. Wordpress uses - the $_GET array to determine the page and is so not affected by this. + the $_GET array to determine the page, so it is not affected by this. }, 'Author' => [ diff --git a/modules/exploits/windows/http/oracle_event_processing_upload.rb b/modules/exploits/windows/http/oracle_event_processing_upload.rb index 3337f9dcea..2fdaf9b065 100644 --- a/modules/exploits/windows/http/oracle_event_processing_upload.rb +++ b/modules/exploits/windows/http/oracle_event_processing_upload.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => 'Oracle Event Processing FileUploadServlet Arbitrary File Upload', 'Description' => %q{ - This module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing + This module exploits an arbitrary file upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty diff --git a/modules/payloads/stagers/windows/reverse_hop_http.rb b/modules/payloads/stagers/windows/reverse_hop_http.rb index 2a68812eff..a6f598c890 100644 --- a/modules/payloads/stagers/windows/reverse_hop_http.rb +++ b/modules/payloads/stagers/windows/reverse_hop_http.rb @@ -18,7 +18,11 @@ module Metasploit3 'Description' => "Tunnel communication over an HTTP hop point (note you must first upload "+ "the hop.php found at #{File.expand_path("../../../../data/php/hop.php", __FILE__)} "+ "to the HTTP server you wish to use as a hop)", - 'Author' => ['scriptjunkie ', 'hdm'], + 'Author' => + [ + 'scriptjunkie ', + 'hdm' + ], 'License' => MSF_LICENSE, 'Platform' => 'win', 'Arch' => ARCH_X86, @@ -37,8 +41,7 @@ module Metasploit3 deregister_options('LHOST', 'LPORT') register_options([ - OptString.new('HOPURL', - [ true, "The full URL of the hop script", "http://example.com/hop.php" ] + OptString.new('HOPURL', [ true, "The full URL of the hop script", "http://example.com/hop.php" ] ) ], self.class) end diff --git a/modules/post/windows/gather/credentials/skype.rb b/modules/post/windows/gather/credentials/skype.rb index a27e07d114..bd14ca2b88 100644 --- a/modules/post/windows/gather/credentials/skype.rb +++ b/modules/post/windows/gather/credentials/skype.rb @@ -49,9 +49,8 @@ hash.update "\nskyper\n" hash.update password puts hash.hexdigest - -=end +=end def decrypt_reg(data) rg = session.railgun