Update pureftpd bash module rank and description

zeroSteiner · zeroSteiner · commit 8cf718e891e9 · 2014-10-01T17:19:31.000-04:00
diff --git a/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb b/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb
@@ -5,8 +5,8 @@
 
 require 'msf/core'
 
-class Metasploit3 < Msf::Exploit::Remote
-  Rank = GoodRanking
+class Metasploit4 < Msf::Exploit::Remote
+  Rank = ExcellentRanking
 
   include Msf::Exploit::Remote::Ftp
   include Msf::Exploit::CmdStager
@@ -15,9 +15,10 @@ def initialize(info = {})
     super(update_info(info,
       'Name'            => 'Pure-FTPd External Authentication Bash Environment Variable Code Injection',
       'Description'     => %q(
-        This module exploits a code injection in specially crafted environment
-        variables in Bash, specifically targeting Pure-FTPd when configured to
-        use an external program for authentication.
+        This module exploits the code injection flaw known as shellshock which
+        leverages specially crafted environment variables in Bash. This exploit
+        specifically targets Pure-FTPd when configured to use an external
+        program for authentication.
       ),
       'Author'          =>
         [
@@ -54,6 +55,10 @@ def initialize(info = {})
             }
           ]
         ],
+      'DefaultOptions' =>
+        {
+          'PrependFork' => true
+        },
       'DefaultTarget'  => 0,
       'DisclosureDate' => 'Sep 24 2014'))
     register_options(
