Land #3136, release fixes

bug/bundler_fix
William Vu 2014-03-24 12:24:07 -05:00
commit f12171d1a0
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
6 changed files with 15 additions and 16 deletions


@ -84,7 +84,7 @@ class Metasploit3 < Msf::Auxiliary
file = datastore['FILEPATH'].unpack("H*")[0]
catid = datastore['CATEGORYID']
payload = catid.to_s
payload = catid.to_s
payload << ") UNION ALL SELECT CONCAT(0x#{front_marker.unpack('H*')[0]}"
payload << ",IFNULL(CAST(HEX(LOAD_FILE("
payload << "0x#{file})) AS CHAR),0x20),0x#{back_marker.unpack('H*')[0]})#"


@ -15,9 +15,10 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => "Quantum vmPRO Backdoor Command",
'Description' => %q{
This module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin
This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin
privileges, can get access to the restricted SSH shell. By using the hidden backdoor
"shell-escape" command it's possible to drop to a real root bash shell.
"shell-escape" command it's possible to drop to a real root bash shell. This module
has been tested successfully on Quantum vmPRO 3.1.2.
},
'License' => MSF_LICENSE,
'Author' =>


@ -13,15 +13,14 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info={})
super(update_info(info,
'Name' => "Array Networks vAPV and vxAG Private Key Privelege Escalation Code Execution",
'Name' => "Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution",
'Description' => %q{
This module exploits a default hardcoded private SSH key or default hardcoded
login and password in the vAPV 8.3.2.17 and vxAG 9.2.0.34 appliances made
by Array Networks. After logged in as the unprivileged user, it's possible to
modify the world writable file /ca/bin/monitor.sh with our arbitrary code.
Execution of the arbitrary code is possible by using the backend tool, running
setuid, to turn the debug monitoring on. This makes it possible to trigger our
payload with root privileges.
by Array Networks. After logged in as the unprivileged user, it's possible to modify
the world-writable file /ca/bin/monitor.sh with attacker-supplied arbitrary code.
Execution is possible by using the backend tool, running setuid, to turn the debug
monitoring on. This makes it possible to trigger a payload with root privileges.
},
'License' => MSF_LICENSE,
'Author' =>
@ -79,7 +78,6 @@ class Metasploit3 < Msf::Exploit::Remote
datastore['RHOST']
end
def rport
datastore['RPORT']
end
@ -118,7 +116,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
def login_user_pass(user, pass)
print_status("#{rhost}:#{rport} - Attempt to login with '#{user}:#{pass}'")
print_status("#{rhost}:#{rport} - Attempting to login with '#{user}:#{pass}'")
opts = {
:auth_methods => ['password', 'keyboard-interactive'],
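Review bot: The reworded description still reads "After logged in as the unprivileged user", which is ungrammatical in text shown to operators; `After logging in as the unprivileged user, it's possible to modify` would fit the rest of this cleanup. In the `login_user_pass` hunk the new status string uses "login" as a verb, where `Attempting to log in with` is the usual form. That status line also interpolates the password into console output; this is presumably acceptable because the module description says the credentials are hardcoded defaults, but it is worth confirming that no caller passes operator-supplied values. Both `initialize` and `login_user_pass` continue outside the visible hunks.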


@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => "FreePBX config.php Remote Code Execution",
'Description' => %q{
This module exploits a vulnerability found in FreePBX version 2.9, 2.10, 2.11.
This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11.
It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php"
parameters "function" and "args".
},


@ -15,10 +15,10 @@ class Metasploit3 < Msf::Exploit::Remote
'Name' => "MS14-012 Internet Explorer TextRange Use-After-Free",
'Description' => %q{
This module exploits a use-after-free vulnerability found in Internet Explorer. The flaw
was most likely introduced back in 2013, therefore only certain builds of MSHTML are
was most likely introduced in 2013, therefore only certain builds of MSHTML are
affected. In our testing with IE9, these vulnerable builds appear to be between
9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014
(before the patch).
9.0.8112.16496 and 9.0.8112.16533, which implies the vulnerability shipped between
August 2013, when it was introduced, until the fix issued in early March 2014.
},
'License' => MSF_LICENSE,
'Author' =>
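Review bot: The new closing sentence of the description pairs "between" with "until" ("shipped between August 2013, when it was introduced, until the fix"), so the date range no longer parses cleanly. Either `which implies the vulnerability shipped from August 2013, when it was introduced,` followed by `until the fix issued in early March 2014.` or a "between ... and" form would read correctly. The affected-build range is what a defender uses to judge exposure, so the sentence should be unambiguous. The `update_info` hash continues outside the hunk.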


@ -13,7 +13,7 @@ class Metasploit4 < Msf::Post
def initialize(info={})
super( update_info( info,
'Name' => 'Testing Get Envs',
'Name' => 'Test Post::Common Get Envs',
'Description' => %q{ This module will test Post::Common get envs API methods },
'License' => MSF_LICENSE,
'Author' => [ 'Ben Campbell'],