Update md doc

wchen-r7 · wchen-r7 · commit 7151930dec13 · 2017-01-26T16:34:09.000-06:00
diff --git a/documentation/modules/auxiliary/gather/advantech_webaccess_creds.md b/documentation/modules/auxiliary/gather/advantech_webaccess_creds.md
@@ -1,6 +1,16 @@
 ## Description
 
-This module allows you to log into Advantech WebAccess, and gather credentials from the user list.
+This module exploits three vulnerabilities in Advantech WebAccess.
+
+The first vulnerability is the ability for an arbitrary user to access the admin user list page,
+revealing the username of every user on the system.
+
+The second vulnerability is the user edit page can be accessed loaded by an arbitrary user, with
+the data of an arbitrary user.
+
+The final vulnerability exploited is that the HTML Form on the user edit page contains the user's
+plain text password in the masked password input box. Typically the system should replace the
+actual password with a masked character such as "*".
 
 
 ## Vulnerable Application
@@ -30,3 +40,8 @@ The username to use to log into Advantech WebAccess. By default, there is a buil
 
 The password to use to log into AdvanTech WebAccess. By default, the built-in account ```admin```
 does not have a password, which could be something you can use.
+
+
+## Demo
+
+![webaccess_steal_creds](https://cloud.githubusercontent.com/assets/1170914/22353246/34b2045e-e3e5-11e6-992c-f3ab9dcbe716.gif)
