add comment

Author: firefart

modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb

@@ -114,6 +114,9 @@ def check
 
   def exploit
     # extract the local servername and port from a PROPFIND request
+    # these need to be the values from the backend server
+    # if testing a reverse proxy setup, these values differ
+    # from RHOST and RPORT but can be extracted this way
     vprint_status("Extracting ServerName and Port")
     res = send_request_raw(
       'method' => 'PROPFIND',