Merge branch 'master' of https://github.com/rapid7/metasploit-framework

jvazquez-r7 · jvazquez-r7 · commit 6a7f8758e0db · 2013-01-11T00:14:22.000+01:00
diff --git a/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb b/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
@@ -23,13 +23,18 @@ def initialize(info = {})
 				any ruby code remotely in the context of the application.
 
 				This module has been tested across multiple versions of RoR 3.x and RoR 2.x
+
+				The technique used by this module requires the target to be running a fairly version
+				of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be
+				exploitable using the init_with() method, but this has not been demonstrated.
+
 			},
 			'Author'         =>
 				[
 					'charliesome',  # PoC
-					'espes',       # PoC and Metasploit module
-					'lian',        # Identified the RouteSet::NamedRouteCollection vector
-					'hdm'          # Module merge/conversion/payload work
+					'espes',        # PoC and Metasploit module
+					'lian',         # Identified the RouteSet::NamedRouteCollection vector
+					'hdm'           # Module merge/conversion/payload work
 				],
 			'License'        => MSF_LICENSE,
 			'References'  =>
