Land rapid7#5043 @todb-r7's release fixups

Brent Cook · Brent Cook · commit c666d0494fe6 · 2015-03-31T13:41:24.000-05:00
diff --git a/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb b/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb
@@ -13,15 +13,16 @@ def initialize(info = {})
       info,
       'Name'            => 'WordPress WPLMS Theme Privilege Escalation',
       'Description'     => %q{
-          The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows authenticated users of
-          any user level to set any system option via a lack of validation in the import_data function
-          of /includes/func.php.
+          The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an
+          authenticated user of any user level to set any system option due to a lack of
+          validation in the import_data function of /includes/func.php.
 
           The module first changes the admin e-mail address to prevent any
-          notifications being sent to the actual administrator during the attack, re-enables user
-          registration in case it has been disabled and sets the default role to be administrator.
-          This will allow for the user to create a new account with admin privileges via the default
-          registration page found at /wp-login.php?action=register.
+          notifications being sent to the actual administrator during the attack,
+          re-enables user registration in case it has been disabled and sets the default
+          role to be administrator.  This will allow for the user to create a new account
+          with admin privileges via the default registration page found at
+          /wp-login.php?action=register.
       },
       'Author'          =>
         [
diff --git a/modules/auxiliary/gather/ms14_052_xmldom.rb b/modules/auxiliary/gather/ms14_052_xmldom.rb
@@ -15,9 +15,9 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure",
       'Description'    => %q{
-        This module will use the Microsoft XMLDOM object to enumerate a remote user's filenames.
+        This module will use the Microsoft XMLDOM object to enumerate a remote machine's filenames.
         It will try to do so against Internet Explorer 8 and Internet Explorer 9. To use it, you
-        must supply your own list of file paths. Each file's format should look like this:
+        must supply your own list of file paths. Each file path should look like this:
         c:\\\\windows\\\\system32\\\\calc.exe
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/post/windows/gather/credentials/mssql_local_hashdump.rb b/modules/post/windows/gather/credentials/mssql_local_hashdump.rb
@@ -17,11 +17,14 @@ def initialize(info={})
     super( update_info( info,
         'Name'          => 'Windows Gather Local SQL Server Hash Dump',
         'Description'   => %q{ This module extracts the usernames and password
-        hashes from a MSSQL server and stores them in the loot using the
-        same technique in mssql_local_auth_bypass (Credits: Scott Sutherland)
+        hashes from an MSSQL server and stores them as loot. It uses the
+        same technique in mssql_local_auth_bypass.
         },
         'License'       => MSF_LICENSE,
-        'Author'        => [ 'Mike Manzotti <mike.manzotti[at]dionach.com>'],
+        'Author'        => [
+            'Mike Manzotti <mike.manzotti[at]dionach.com>',
+            'nullbind' # Original technique
+          ],
         'Platform'      => [ 'win' ],
         'SessionTypes'  => [ 'meterpreter' ],
         'References'  =>
