Final changes

Author: sinn3r

modules/exploits/windows/ftp/freefloatftp_wbem.rb

@@ -20,9 +20,11 @@ def initialize(info={})
 		super(update_info(info,
 			'Name'           => "FreeFloat FTP Server Arbitrary File Upload",
 			'Description'    => %q{
-					This module abuses a lack of authentication and authorization on FreeFloat FTP
-				Server to upload arbitrary files to the remote filesystem. This module uses the
-				Windows Management Instrumentation service to execute the payload uploaded.
+					This module abuses multiple issues in FreeFloat: 1. No credential is actually
+				needed to login; 2. User's default path is in C:\, and this cannot be changed;
+				3. User can write to anywhere on the server's file system.  As a result of these
+				poor implementations, a malicious user can just log in and then upload files,
+				and let WMI (Management Instrumentation service) to execute the payload uploaded.
 			},
 			'License'        => MSF_LICENSE,
 			'Author'         =>
@@ -37,7 +39,7 @@ def initialize(info={})
 			'Platform'       => 'win',
 			'Targets'        =>
 				[
-					['FreeFloat', {}],
+					['FreeFloat', {}]
 				],
 			'Privileged'     => true,
 			'DisclosureDate' => "Dec 7 2012",
@@ -58,7 +60,6 @@ def check
 		disconnect
 
 		if banner =~ /FreeFloat/
-			# Yup, you're f*cked
 			return Exploit::CheckCode::Vulnerable
 		else
 			return Exploit::CheckCode::Safe