Land rapid7#3136, release fixes

Author: wvu

modules/auxiliary/gather/joomla_weblinks_sqli.rb

@@ -84,7 +84,7 @@ def run
     file = datastore['FILEPATH'].unpack("H*")[0]
     catid = datastore['CATEGORYID']
 
-    payload = catid.to_s 
+    payload = catid.to_s
     payload << ") UNION ALL SELECT CONCAT(0x#{front_marker.unpack('H*')[0]}"
     payload << ",IFNULL(CAST(HEX(LOAD_FILE("
     payload << "0x#{file})) AS CHAR),0x20),0x#{back_marker.unpack('H*')[0]})#"

modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb

@@ -15,9 +15,10 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "Quantum vmPRO Backdoor Command",
       'Description'    => %q{
-        This module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin
+        This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin
         privileges, can get access to the restricted SSH shell. By using the hidden backdoor
-        "shell-escape" command it's possible to drop to a real root bash shell.
+        "shell-escape" command it's possible to drop to a real root bash shell. This module
+        has been tested successfully on Quantum vmPRO 3.1.2.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>

modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb

@@ -13,15 +13,14 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => "Array Networks vAPV and vxAG Private Key Privelege Escalation Code Execution",
+      'Name'           => "Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution",
       'Description'    => %q{
         This module exploits a default hardcoded private SSH key or default hardcoded
         login and password in the vAPV 8.3.2.17 and vxAG 9.2.0.34 appliances made
-        by Array Networks. After logged in as the unprivileged user, it's possible to
-        modify the world writable file /ca/bin/monitor.sh with our arbitrary code.
-        Execution of the arbitrary code is possible by using the backend tool, running
-        setuid, to turn the debug monitoring on. This makes it possible to trigger our
-        payload with root privileges.
+        by Array Networks. After logged in as the unprivileged user, it's possible to modify
+        the world-writable file /ca/bin/monitor.sh with attacker-supplied arbitrary code.
+        Execution is possible by using the backend tool, running setuid, to turn the debug
+        monitoring on. This makes it possible to trigger a payload with root privileges.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
@@ -79,7 +78,6 @@ def rhost
     datastore['RHOST']
   end
 
-
   def rport
     datastore['RPORT']
   end
@@ -118,7 +116,7 @@ def login_key(user)
   end
 
   def login_user_pass(user, pass)
-    print_status("#{rhost}:#{rport} - Attempt to login with '#{user}:#{pass}'")
+    print_status("#{rhost}:#{rport} - Attempting to login with '#{user}:#{pass}'")
 
     opts = {
       :auth_methods => ['password', 'keyboard-interactive'],

modules/exploits/unix/webapp/freepbx_config_exec.rb

@@ -14,7 +14,7 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "FreePBX config.php Remote Code Execution",
       'Description'    => %q{
-        This module exploits a vulnerability found in FreePBX version 2.9, 2.10, 2.11.
+        This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11.
         It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php"
         parameters "function" and "args".
       },

modules/exploits/windows/browser/ms14_012_textrange.rb

@@ -15,10 +15,10 @@ def initialize(info={})
       'Name'           => "MS14-012 Internet Explorer TextRange Use-After-Free",
       'Description'    => %q{
         This module exploits a use-after-free vulnerability found in Internet Explorer. The flaw
-        was most likely introduced back in 2013, therefore only certain builds of MSHTML are
+        was most likely introduced in 2013, therefore only certain builds of MSHTML are
         affected. In our testing with IE9, these vulnerable builds appear to be between
-        9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014
-        (before the patch).
+        9.0.8112.16496 and 9.0.8112.16533, which implies the vulnerability shipped between
+        August 2013, when it was introduced, until the fix issued in early March 2014.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>

test/modules/post/test/get_env.rb

@@ -13,7 +13,7 @@ class Metasploit4 < Msf::Post
 
   def initialize(info={})
     super( update_info( info,
-        'Name'          => 'Testing Get Envs',
+        'Name'          => 'Test Post::Common Get Envs',
         'Description'   => %q{ This module will test Post::Common get envs API methods },
         'License'       => MSF_LICENSE,
         'Author'        => [ 'Ben Campbell'],