Land rapid7#8564, Fix cryptolog desc

pbarry-r7 · pbarry-r7 · commit cab64fc8b26e · 2017-06-15T13:39:56.000-05:00
diff --git a/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb b/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb
@@ -12,16 +12,20 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "Crypttech CryptoLog Remote Code Execution",
       'Description'    => %q{
-        This module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a
-        terminal command under the context of the web user.
+        This module exploits a SQL injection and command injection vulnerability in the PHP version of CryptoLog.
+        An unauthenticated user can execute a terminal command under the context of the web user. These vulnerabilities
+        are no longer present in the ASP.NET version CryptoLog, available since 2009.
 
-        login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation
-        and parameter binding. Which cause a sql injection vulnerability. Successfully exploitation of this vulnerability gives us the valid session.
+        CryptoLog's login.php endpoint is responsible for the login process. One of the user supplied parameters is
+        used by the application without input validation and parameter binding, which leads to SQL injection
+        vulnerability. Successfully exploitating this vulnerability gives a the valid session.
 
-        logshares_ajax.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having
-        a valid session. One user parameter is used by the application while executing operating system command which cause a command injection issue.
+        CryptoLog's logshares_ajax.php endpoint is responsible for executing an operation system command. It's not
+        possible to access this endpoint without having a valid session. One user parameter is used by the
+        application while executing an operating system command, which causes a command injection issue.
 
-        Combining these vulnerabilities gives us opportunity execute operation system command under the context of the web user.
+        Combining these vulnerabilities gives the opportunity execute operation system commands under the context
+        of the web user.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
