cleanup for netgear_dgn1000b_setup_exec

jvazquez-r7 · jvazquez-r7 · commit ce88d8473a33 · 2013-04-03T12:44:04.000+02:00
diff --git a/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb b/modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb
@@ -19,13 +19,13 @@ def initialize(info = {})
 		super(update_info(info,
 			'Name'        => 'Netgear DGN1000B setup.cgi Remote Command Execution',
 			'Description' => %q{
-					Some Netgear Routers are vulnerable to OS Command injection.
-				You will need credentials to the webinterface to access the vulnerable part
-				of the application. Default credentials are always a good starting point.
-				admin/admin or admin/password could be a first try. Since it is a blind
-				os command injection vulnerability, there is no output for the executed
-				command when using the cmd generic payload. A ping command against a
-				controlled system could be used for testing purposes.
+					Some Netgear Routers are vulnerable to authenticated OS Command injection. The
+				vulnerability exists in the web interface, specifically in the setup.cgi component,
+				when handling the TimeToLive parameter. Default credentials are always a good
+				starting point, admin/admin or admin/password could be a first try. Since it is a
+				blind os command injection vulnerability, there is no output for the executed
+				command when using the cmd generic payload. A ping command against a controlled
+				system could be used for testing purposes.
 			},
 			'Author'      =>
 				[
@@ -147,7 +147,7 @@ def exploit
 			return
 		end
 
-		#thx to Juan for his awesome work on the mipsel elf support
+		#thx to Juan for his awesome work on the mipsbe elf support
 		@pl = generate_payload_exe
 		@elf_sent = false
 
