Merge pull request #1 from bwatters-r7/land-7266

mdisec · web-flow · commit edc086167c24 · 2016-09-20T18:59:33.000+03:00
Minor Grammar Changes.
diff --git a/documentation/modules/exploit/linux/http/kaltura_unserialize_rce.md b/documentation/modules/exploit/linux/http/kaltura_unserialize_rce.md
@@ -1,16 +1,16 @@
 ## Vulnerable Application
 
-This module exploits a Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user.
+This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user.
 
-Kaltura has a module named keditorservices that takes user input and then use it as an unserialize function parameter. The object constructed is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura prior to 11.1.0-2 versions are affected by issue.
+Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The object constructed is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura prior to 11.1.0-2 versions are affected by issue.
 
 **Vulnerable Application Installation Steps**
 
-Kaltura has their own RPM and/or DEB packages to helps us to install it without any issue. Following steps are slightly different than official wiki in order to install vulnerable packages.
+Kaltura has their own RPM and/or DEB packages to help us to install it without any issue. Following steps are slightly different than official wiki in order to install the vulnerable packages.
 
-Following steps are valid CentOS 6 x64 bit operating system.
+Following steps are valid on the CentOS 6 x64 bit operating system.
 
-1. Install CentOS-6 x64 and run `yum update -y` in order to fetch and install latests packages. Also set hostname something like _kalturahack.dev_ would be wise. Because it will be used during Kaltura installation.
+1. Install CentOS-6 x64 and run `yum update -y` in order to fetch and install the latest packages. Also seting the hostname to something like _kalturahack.dev_ would be wise, because it will be used during Kaltura installation.
 2. Disable iptables and selinux. 
 ```
 iptables -F
@@ -29,7 +29,7 @@ setenforce permissive
 rpm -ihv http://installrepo.kaltura.org/releases/kaltura-release.noarch.rpm
 ```
 
-5. Kaltura repo configures for latest version by default. We need to change it to one of the vulnerable release. Thus, open `/etc/yum.repos.d/kaltura.repo` file with your favorite text editor and perform following replacement.
+5. Kaltura repo is configured for the latest version by default. We need to change it to one of the vulnerable releases. Thus, open `/etc/yum.repos.d/kaltura.repo` file with your favorite text editor and perform following replacement.
 
 Original file. (# lines just ignored)
 ```
@@ -66,13 +66,13 @@ enabled = 1
 baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/$basearch/
 ```
 
-6. Install kaltura-server. This will take for a while. 
+6. Install kaltura-server. This will take a while. 
 ```
 yum clean all
 yum install kaltura-server
 ```
 
-7. Run following commands in order to initiate database and start necessary services.
+7. Run the following commands in order to initiate the database and start necessary services.
 ```
 /opt/kaltura/bin/kaltura-mysql-settings.sh
 service memcached restart
@@ -81,7 +81,7 @@ chkconfig memcached on
 chkconfig ntpd on
 ```
 
-8. Start kaltura configuration script `/opt/kaltura/bin/kaltura-config-all.sh` .
+8. Start the kaltura configuration script `/opt/kaltura/bin/kaltura-config-all.sh` .
 
 ```
 [Email\NO]: "<your email address>"
diff --git a/modules/exploits/linux/http/kaltura_unserialize_rce.rb b/modules/exploits/linux/http/kaltura_unserialize_rce.rb
@@ -12,18 +12,19 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => 'Kaltura Remote PHP Code Execution',
       'Description'    => %q{
-        This module exploits a Object Injection vulnerability in Kaltura.
+        This module exploits an Object Injection vulnerability in Kaltura.
         By exploiting this vulnerability, unauthenticated users can execute
         arbitrary code under the context of the web server user.
 
         Kaltura has a module named keditorservices that takes user input
-        and then use it as an unserialize function parameter. The object
+        and then use it as an unserialized function parameter. The object
         constructed is based on the SektionEins Zend code execution POP chain PoC,
         with a minor modification to ensure Kaltura processes it and the
         Zend_Log function's __destruct() method is called. Kaltura prior to
         11.1.0-2 versions are affected by issue.
 
-        This module was tested against Kaltura 11.1.0 installation on Ubuntu server.
+        This module was tested against Kaltura 11.1.0 installation on
+        Ubuntu server and CentOS 6.8.
       },
       'License'         => MSF_LICENSE,
       'Author'          =>
