Make some changes to the description

wchen-r7 · wchen-r7 · commit 280529f885f0 · 2013-07-18T13:20:36.000-05:00
diff --git a/modules/exploits/windows/http/hp_mpa_job_acct.rb b/modules/exploits/windows/http/hp_mpa_job_acct.rb
@@ -19,15 +19,15 @@ def initialize
 			'Description'    => %q{
 				This module exploits an arbitrary file upload vulnerability on HP Managed Printing
 				Administration 2.6.3 (and before). The vulnerability exists in the UploadFiles()
-				function from the MPAUploader.Uploader.1 control, loaded and used on server side.
+				function from the MPAUploader.Uploader.1 control, loaded and used by the server.
 				The function can be abused via directory traversal and null byte injection in order
-				to achieve arbitrary file upload. In order to upload successfully the file cannot
-				exist in the filesystem. On the other hand, files are written with the privileges of
-				the Internet Guest Account (IUSR_*). The module tries to achieve code execution by
-				uploading ASP code into the webroot folder, on locations where server side code is
-				allowed. By default the /hpmpa/userfiles/ and subfolders are used, since IUSR_*
-				write privileges are needed for some application functions. The user can specify an
-				arbitrary location through the WEBFOLDER option.
+				to achieve arbitrary file upload.  In order to exploit successfully, a few conditions
+				must be met: 1) A writable location under the context of Internet Guest Account
+				(IUSR_*), or Everyone is required. By default, this module will attempt to write to
+				/hpmpa/userfiles/, but you may specify the WRITEWEBFOLDER datastore option to provide
+				another writable path. 2)  The writable path must also be readable by a browser,
+				this typically means a location under wwwroot. 3) You cannot overwrite a file with
+				the same name as the payload.
 			},
 			'Author'      => [
 				'Andrea Micalizzi', # aka rgod - Vulnerability Discovery
