Trying to make the description sound smoother

wchen-r7 · wchen-r7 · commit 6c76bee02f77 · 2013-04-26T16:02:28.000-05:00
diff --git a/modules/exploits/unix/webapp/php_wordpress_total_cache.rb b/modules/exploits/unix/webapp/php_wordpress_total_cache.rb
@@ -16,16 +16,16 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Wordpress W3 Total Cache PHP Code Execution',
 			'Description'    => %q{
-					This module exploits a PHP Code Injection vulnerability on the W3 Total Cache
-				wordpress plugin up to and including 0.9.2.8 version. Versions up to and including
-				1.2 of WP Super Cache plugin are also reported as vulnerable. The exploit is due to
-				the handle of some special macros, such as mfunc, which allow to inject arbitrary
-				PHP code. A valid post id where publish the malicious comment is needed. The user
-				can provide it with the POSTID option, otherwise a valid one will try to be brute
-				forced. Also, if anonymous comments aren't allowed, valid credentials must be
-				provided. Finally, comments shouldn't be moderated in order finish the exploitation
-				successfully. This module has been tested against Wordpress 3.5 and W3 Total Cache
-				0.9.2.3 on a Ubuntu 10.04 system.
+					This module exploits a PHP Code Injection vulnerability against Wordpress plugin
+				W3 Total Cache for version up to and including 0.9.2.8.  WP Super Cache 1.2 or older
+				is also reported as vulnerable.  The vulnerability is due to the handling of certain
+				macros such as mfunc, which allows arbitrary PHP code injection.  A valid post ID is
+				needed in order to add the malicious comment.  If the POSTID option isn't specified,
+				then the module will automatically brute-force one.  Also, if anonymous comments
+				aren't allowed, then a valid username and password must be provided.  In addition,
+				the "A comment is held for moderation" option on Wordpress must be unchecked for
+				successful exploitation.  This module has been tested against Wordpress 3.5 and
+				W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.
 			},
 			'Author'	=>
 				[
@@ -198,7 +198,7 @@ def exploit
 		random_test = rand_text_alpha(64)
 		@sum = Rex::Text.sha1(random_test)
 
-		print_status("#{peer} - Injecting the PHP Code throw a comment...")
+		print_status("#{peer} - Injecting the PHP Code in a comment...")
 		post_uri = post_comment
 		if post_uri.nil?
 			fail_with(Exploit::Failure::Unknown, "#{peer} - Expected redirection not returned")
