Small corrections

sinn3r · sinn3r · commit 9af8c9b45734 · 2012-12-21T18:52:40.000-06:00
diff --git a/modules/exploits/unix/webapp/foswiki_maketext.rb b/modules/exploits/unix/webapp/foswiki_maketext.rb
@@ -16,18 +16,17 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Foswiki MAKETEXT Remote Command Execution',
 			'Description'    => %q{
-					This module exploits a vulnerability in the MAKETEXT Foswiki variable. Using a
-				specially crafted MAKETEXT, a malicious user can execute shell commands since user
+					This module exploits a vulnerability in the MAKETEXT Foswiki variable. By using
+				a specially crafted MAKETEXT, a malicious user can execute shell commands since the
 				input is passed to the Perl "eval" command without first being sanitized. The
 				problem is caused by an underlying security issue in the CPAN:Locale::Maketext
-				module. This works in Foswiki sites that have user interface localization enabled
-				(UserInterfaceInternationalisation variable set).
-
-				If USERNAME and PASSWORD credentials aren't provided anonymous access will be
-				intended. On the other hand, if the FoswikiPage option isn't provided, the module
-				will try to create a random page on the SandBox space. The modules has been tested
-				successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware
-				virtual machine.
+				module.  Only Foswiki sites that have user interface localization enabled
+				(UserInterfaceInternationalisation variable set) are vulnerable.
+
+					If USERNAME and PASSWORD aren't provided, anonymous access will be tried.
+				Also, if the FoswikiPage option isn't provided, the module will try to create a
+				random page on the SandBox space. The modules has been tested successfully on
+				Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.
 			},
 			'Author'         =>
 				[
@@ -45,12 +44,11 @@ def initialize(info = {})
 			'Payload'        =>
 				{
 					'DisableNops' => true,
-					'BadChars'    => '',
 					'Space'       => 1024,
 					'Compat'      =>
 						{
 							'PayloadType' => 'cmd',
-							'RequiredCmd' => 'generic ruby python bash telnet',
+							'RequiredCmd' => 'generic ruby python bash telnet'
 						}
 				},
 			'Platform'       => [ 'unix' ],
@@ -80,7 +78,7 @@ def do_login(username, password)
 			})
 
 		if not res or res.code != 302 or res.headers['Set-Cookie'] !~ /FOSWIKISID=([0-9a-f]*)/
-			print_status "#{res.code}\n#{res.body}"
+			vprint_status "#{res.code}\n#{res.body}"
 			return nil
 		end
 
