Update and fix grammar to the CryptoLog module

Tod Beardsley · web-flow · commit 49383f8f3a92 · 2017-06-15T13:00:44.000-05:00
After talking to the vendor, it appears that the PHP version of CryptoLog has been EOL'ed since 2009. It has since been replaced with an ASP.NET version, which, obviously, is no longer vulnerable to these PHP exposures.
diff --git a/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb b/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb
@@ -12,16 +12,20 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "Crypttech CryptoLog Remote Code Execution",
       'Description'    => %q{
-        This module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a
-        terminal command under the context of the web user.
+        This module exploits a SQL injection and command injection vulnerability in the PHP version of CryptoLog.
+        An unauthenticated user can execute a terminal command under the context of the web user. These vulnerabilities
+        are no longer present in the ASP.NET version CryptoLog, available since 2009.
 
-        login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation
-        and parameter binding. Which cause a sql injection vulnerability. Successfully exploitation of this vulnerability gives us the valid session.
+        CryptoLog's login.php endpoint is responsible for the login process. One of the user supplied parameters is
+        used by the application without input validation and parameter binding, which leads to SQL injection
+        vulnerability. Successfully exploitating this vulnerability gives a the valid session.
 
-        logshares_ajax.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having
-        a valid session. One user parameter is used by the application while executing operating system command which cause a command injection issue.
+        CryptoLog's logshares_ajax.php endpoint is responsible for executing an operation system command. It's not
+        possible to access this endpoint without having a valid session. One user parameter is used by the
+        application while executing an operating system command, which causes a command injection issue.
 
-        Combining these vulnerabilities gives us opportunity execute operation system command under the context of the web user.
+        Combining these vulnerabilities gives the opportunity execute operation system commands under the context
+        of the web user.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
