Fix documentation and typos

Author: Chocapikk

documentation/modules/exploit/multi/http/wingftp_null_byte_rce.md

@@ -1,12 +1,13 @@
 ## Vulnerable Application
 
-This Metasploit module exploits an unauthenticated Remote Code Execution vulnerability in **Wing FTP Server** (Linux 64-bit),
-specifically within its web administration interface.
-The vulnerability exists due to insufficient input validation in the file upload endpoint,
-where an attacker can upload a crafted script and trigger its execution.
-
-To set up a vulnerable environment, use the following **Vagrantfile** which provisions a
-Debian “bookworm” VM with Wing FTP Server installed and listening on standard ports:
+This Metasploit module exploits an **unauthenticated Remote Code Execution** vulnerability
+in **Wing FTP Server** (≤ 7.4.3 on Linux 64-bit), via its web administration interface.
+The flaw lies in the login handler (`loginok.html`): by injecting a null byte (`%00`) into
+the `username` parameter, attacker-supplied Lua code is written into the session file and
+then executed by `loadfile()`, yielding arbitrary code execution as **root**.
+
+To set up a vulnerable lab, use the following **Vagrantfile**, which provisions a Debian
+"bookworm" VM, installs Wing FTP Server 7.4.3, and exposes its HTTP/S and FTP ports on the host:
 
 ```ruby
 Vagrant.configure("2") do |config|

modules/exploits/multi/http/wingftp_null_byte_rce.rb

@@ -48,8 +48,8 @@ def initialize(info = {})
           ]
         ],
         'DefaultTarget' => 0,
-        'Privileged' => false,
-        'DisclosureDate' => '2024-06-30',
+        'Privileged' => true,
+        'DisclosureDate' => '2025-06-30',
         'Notes' => {
           'Stability' => [CRASH_SAFE],
           'Reliability' => [REPEATABLE_SESSION],