Rephrase about centreon.session

Author: wchen-r7

modules/exploits/linux/http/centreon_sqli_exec.rb

@@ -15,11 +15,13 @@ def initialize(info = {})
       'Name'           => 'Centreon SQL and Command Injection',
       'Description'    => %q{
         This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon
-        Enterprise Server 2.2 and prior. The combination of both vulnerabilities, SQL and
-        Command injections in the displayServiceStatus.php component, allows remote attackers
-        to execute arbitrary commands. No authentication is required. The module only requires
-        a valid session available at the moment of exploitation. It means a legit ust must be
-        logged in. This module has been tested successfully on Centreon Enterprise Server 2.2.
+        Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command
+        injection in the displayServiceStatus.php component, it is possible to execute arbitrary
+        commands as long as there is a valid session registered in the centreon.session table.
+        In order to have a valid session, all it takes is a successful login from anybody.
+        The exploit itself does not require any authentication.
+
+        This module has been tested successfully on Centreon Enterprise Server 2.2.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
@@ -86,7 +88,7 @@ def exploit
     if check == Exploit::CheckCode::Safe
       fail_with(Failure::NotVulnerable, "#{peer} - The SQLi cannot be exploited")
     elsif check == Exploit::CheckCode::Detected
-      fail_with(Failure::Unknown, "#{peer} - The SQLi cannot be exploited. Centreon needs at least one successful login record to become exploitable. Perhaps try later?")
+      fail_with(Failure::Unknown, "#{peer} - The SQLi cannot be exploited. Possibly because there's nothing in the centreon.session table. Perhaps try again later?")
     end
 
     print_status("#{peer} - Exploiting...")