Description fixes on rapid7#4784, jboss exploit

Tod Beardsley · Tod Beardsley · commit 1e6d895975bf · 2015-04-06T12:34:49.000-05:00
Also, needed to run through msftidy. [See rapid7#4784]
diff --git a/modules/exploits/multi/http/jboss_seam_upload_exec.rb b/modules/exploits/multi/http/jboss_seam_upload_exec.rb
@@ -1,5 +1,5 @@
 #
-# This module requires Metasploit: http//metasploit.com/download
+# This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
@@ -22,19 +22,15 @@ def initialize(info = {})
             sanitize inputs to some JBoss Expression Language expressions.  As a
             result, attackers can gain remote code execution through the
             application server.  This module leverages RCE to upload and execute
-            a meterpreter payload.
+            a given payload.
 
-            Versions of the JBoss AS admin-console are known to be vulnerable to
-            this exploit, without requiring authentication.  Tested against
-            JBoss AS 5 and 6, running on Linux with JDKs 6 and 7.
+            Versions of the JBoss application server (AS) admin-console are
+            known to be vulnerable to this exploit, without requiring authentication.
+            Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7.
 
             This module provides a more efficient method of exploitation - it
             does not loop to find desired Java classes and methods.
 
-            NOTE: the check for upload success is not 100% accurate.
-            NOTE 2: The module uploads the meterpreter JAR and a JSP to launch
-            it.
-
         },
         'Author'                => [ 'vulp1n3 <vulp1n3[at]gmail.com>' ],
         'References'            =>
