Indent description and fix title

jvazquez-r7 · jvazquez-r7 · commit b58550fe00c5 · 2014-08-22T10:21:08.000-05:00
diff --git a/modules/exploits/multi/http/manageengine_dc_pmp_sqli.rb b/modules/exploits/multi/http/manageengine_dc_pmp_sqli.rb
@@ -15,26 +15,26 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => "ManageEngine Password Manager Pro v6-v7 b7002 / Desktop Central v7-v9 b90033 SQL Injection",
+      'Name'           => "ManageEngine Password Manager MetadataServlet.dat SQL Injection",
       'Description'    => %q{
-          This module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet,
-          which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and
-          Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The
-          SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as
-          the user in Linux. This module exploits both PostgreSQL (newer builds) and MySQL (older
-          or upgraded builds). MySQL targets are more reliable due to the use of relative paths;
-          with PostgreSQL you should find the web root path via other means and specify it with
-          WEB_ROOT.
-
-          The injection is only exploitable via a GET request, which means that the payload
-          has to be sent in chunks smaller than 8000 characters (URL size limitation). Small
-          payloads and the use of exe-small is recommended, as you can only do between 10 and
-          20 injections before using up all the available ManagedConnections until the next
-          server restart.
-
-          This vulnerability exists in all versions released since 2006, however builds below
-          DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your
-          luck using the MySQL targets as a JDK might be installed in the $PATH.
+        This module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet,
+        which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and
+        Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The
+        SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as
+        the user in Linux. This module exploits both PostgreSQL (newer builds) and MySQL (older
+        or upgraded builds). MySQL targets are more reliable due to the use of relative paths;
+        with PostgreSQL you should find the web root path via other means and specify it with
+        WEB_ROOT.
+
+        The injection is only exploitable via a GET request, which means that the payload
+        has to be sent in chunks smaller than 8000 characters (URL size limitation). Small
+        payloads and the use of exe-small is recommended, as you can only do between 10 and
+        20 injections before using up all the available ManagedConnections until the next
+        server restart.
+
+        This vulnerability exists in all versions released since 2006, however builds below
+        DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your
+        luck using the MySQL targets as a JDK might be installed in the $PATH.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
