Merge pull request rapid7#3500 from todb-r7/fixup-release

Release fixup: Description/whitespace changes (minor)

Author: cdoughty-r7

modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb

@@ -13,18 +13,18 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'           => 'Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload',
+      'Name'           => 'Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload',
       'Description'    => %q{
           The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8
           is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme
-          functionality to upload a zip file containing the payload. The plugin used the
+          functionality to upload a zip file containing the payload. The plugin uses the
           admin_init hook, which is also executed for unauthenticated users when accessing
-          a specific URL. The developers tried to fix the vulnerablility
-          in version 2.6.7 but the fix can be bypassed. In PHPs default configuration,
+          a specific URL. The first fix for this vulnerability appeared in version 2.6.7,
+          but the fix can be bypassed. In PHP's default configuration,
           a POST variable overwrites a GET variable in the $_REQUEST array. The plugin
           uses $_REQUEST to check for access rights. By setting the POST parameter to
           something not beginning with 'wysija_', the check is bypassed. Wordpress uses
-          the $_GET array to determine the page and is so not affected by this.
+          the $_GET array to determine the page, so it is not affected by this.
       },
       'Author'         =>
         [

modules/exploits/windows/http/oracle_event_processing_upload.rb

@@ -17,7 +17,7 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Oracle Event Processing FileUploadServlet Arbitrary File Upload',
       'Description'    => %q{
-        This module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing
+        This module exploits an arbitrary file upload vulnerability in Oracle Event Processing
         11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be
         abused to upload a malicious file onto an arbitrary location due to a directory traversal
         flaw, and compromise the server. By default Oracle Event Processing uses a Jetty

modules/payloads/stagers/windows/reverse_hop_http.rb

@@ -18,7 +18,11 @@ def initialize(info = {})
       'Description'   => "Tunnel communication over an HTTP hop point (note you must first upload "+
         "the hop.php found at #{File.expand_path("../../../../data/php/hop.php", __FILE__)} "+
         "to the HTTP server you wish to use as a hop)",
-      'Author'        => ['scriptjunkie <[email protected]>', 'hdm'],
+      'Author'        =>
+        [
+         'scriptjunkie <scriptjunkie[at]scriptjunkie.us>',
+         'hdm'
+        ],
       'License'       => MSF_LICENSE,
       'Platform'      => 'win',
       'Arch'          => ARCH_X86,
@@ -37,8 +41,7 @@ def initialize(info = {})
     deregister_options('LHOST', 'LPORT')
 
     register_options([
-      OptString.new('HOPURL',
-        [ true, "The full URL of the hop script", "http://example.com/hop.php" ]
+      OptString.new('HOPURL', [ true, "The full URL of the hop script", "http://example.com/hop.php" ]
       )
     ], self.class)
   end

modules/post/windows/gather/credentials/skype.rb

@@ -49,9 +49,8 @@ def initialize(info={})
 hash.update password
 
 puts hash.hexdigest
-  
-=end
 
+=end
 
   def decrypt_reg(data)
     rg = session.railgun