Updates docs

msutovsky-r7 · msutovsky-r7 · commit 00bd70751ca6 · 2025-09-11T10:41:28.000+02:00
diff --git a/documentation/modules/exploit/windows/http/sitecore_xp_cve_2025_34510.md b/documentation/modules/exploit/windows/http/sitecore_xp_cve_2025_34510.md
@@ -1,10 +1,16 @@
 ## Vulnerable Application
 
-The Sitecore Experience Platform (XP) is flagship CMS product. Provides comprehensive digital marketing tools, view of customer data and many other features. Sitecore deploys multiple default service accounts when installing, among them ServicesAPI. The versions from 10 to 10.4 have hardcoded password for this account - the password is letter b (CVE-2025-34509). This account is used to gain access and exploit additional vulnerability - path traversal in zip extraction (CVE-2025-34510). This module exploits both vulnerabilities to gain remote code execution by uploading malicious ASPX into root directory of webserver.
+The Sitecore Experience Platform (XP) is flagship CMS product.
+Provides comprehensive digital marketing tools, view of customer data and many other features.
+Sitecore deploys multiple default service accounts when installing, among them ServicesAPI.
+The versions from 10 to 10.4 have hardcoded password for this account - the password is letter b (CVE-2025-34509).
+This account is used to gain access and exploit additional vulnerability - path traversal in zip extraction (CVE-2025-34510).
+This module exploits both vulnerabilities to gain remote code execution by uploading malicious ASPX into root directory of webserver.
 
 ### Installation
 
-The Sitecore XP can be downloaded from [here](https://developers.sitecore.com/downloads/Sitecore_Experience_Platform). Please note that a license is required for successful installation.
+The Sitecore XP can be downloaded from [here](https://developers.sitecore.com/downloads/Sitecore_Experience_Platform).
+Please note that a license is required for successful installation.
 
 
 ## Verification Steps
@@ -23,16 +29,20 @@ The Sitecore XP can be downloaded from [here](https://developers.sitecore.com/do
 
 ### VHOST
 
-The hostname of Sitecore XP - when installed, Sitecore XP deploys multiple vhosts, among them is the Sitecore XP host, where a user can access majority of functions. 
+The hostname of Sitecore XP.
+When installed, Sitecore XP deploys multiple vhosts, among them is the Sitecore XP host, where a user can access majority of functions.
 
 
 ### IDENTITY_VHOST
 
 The Sitecore XP uses separate vhost for "identity host", which is used when user is authenticating and asking for session data.
+If you are not sure about `IDENTITY_VHOST`, you can visit `https://[sitecore instance]/identity/login/shell/SitecoreIdentityServer`.
+The hostname of page where the URL will redirect you can be used as `IDENTITY_VHOST`.
 
 ## Scenarios
 
 ```
+msf exploit(windows/http/sitecore_xp_cve_2025_34510) > set IDENTITY_VHOST sitecorepocidentityserver.dev.local
 msf exploit(windows/http/sitecore_xp_cve_2025_34510) > run verbose=true
 [*] Started reverse TCP handler on 192.168.3.7:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
diff --git a/documentation/modules/exploit/windows/http/sitecore_xp_cve_2025_34511.md b/documentation/modules/exploit/windows/http/sitecore_xp_cve_2025_34511.md
@@ -1,11 +1,17 @@
 ## Vulnerable Application
 
-The Sitecore Experience Platform (XP) is flagship CMS product. Provides comprehensive digital marketing tools, view of customer data and many other features. A user can install multiple extensions to Sitecore XP - among them is Sitecore PowerShell Extension (SPA). It is obligatory requirement for popular SXA add-on. The SPA is vulnerable to unrestricted file upload up to version 7.0. An attacker can upload malicious ASPX file and gain remote code execution.
+The Sitecore Experience Platform (XP) is flagship CMS product.
+Provides comprehensive digital marketing tools, view of customer data and many other features.
+A user can install multiple extensions to Sitecore XP - among them is Sitecore PowerShell Extension (SPA).
+It is obligatory requirement for popular SXA add-on.
+The SPA is vulnerable to unrestricted file upload up to version 7.0.
+An attacker can upload malicious ASPX file and gain remote code execution.
 
 
 ### Installation
 
-The Sitecore XP can be downloaded from [here](https://developers.sitecore.com/downloads/Sitecore_Experience_Platform). Please note that a license is required for successful installation.
+The Sitecore XP can be downloaded from [here](https://developers.sitecore.com/downloads/Sitecore_Experience_Platform).
+Please note that a license is required for successful installation.
 
 
 ## Verification Steps
@@ -24,18 +30,22 @@ The Sitecore XP can be downloaded from [here](https://developers.sitecore.com/do
 
 ### VHOST
 
-The hostname of Sitecore XP - when installed, Sitecore XP deploys multiple vhosts, among them is the Sitecore XP host, where a user can access majority of functions. 
+The hostname of Sitecore XP.
+When installed, Sitecore XP deploys multiple vhosts, among them is the Sitecore XP host, where a user can access majority of functions.
 
 
 ### IDENTITY_VHOST
 
 The Sitecore XP uses separate vhost for "identity host", which is used when user is authenticating and asking for session data.
+If you are not sure about `IDENTITY_VHOST`, you can visit `https://[sitecore instance]/identity/login/shell/SitecoreIdentityServer`.
+The hostname of page where the URL will redirect you can be used as `IDENTITY_VHOST`.
 
 
 ## Scenarios
 
 
 ```
+msf exploit(windows/http/sitecore_xp_cve_2025_34511) > set IDENTITY_VHOST sitecorepocidentityserver.dev.local
 msf exploit(windows/http/sitecore_xp_cve_2025_34511) > set RHOSTS 10.5.132.138
 RHOSTS => 10.5.132.138
 msf exploit(windows/http/sitecore_xp_cve_2025_34511) > set VHOST sitecorepocsc.dev.local
