fourth release module

h00die-gr3y · h00die-gr3y · commit 28d6ef92dd49 · 2024-07-10T21:44:28.000Z
diff --git a/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb b/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb
@@ -30,13 +30,13 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'Author' => [
           'h00die-gr3y <h00die.gr3y[at]gmail.com>', # MSF module contributor
-          'Steve Ikeoka' # Original Discovery
+          'Steve Ikeoka' # Discovery
         ],
         'References' => [
           ['CVE', '2024-36401'],
           ['URL', 'https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv'],
           ['URL', 'https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401'],
-          ['URL', 'https://attackerkb.com/topics/xxxxx/cve-2024-36401']
+          ['URL', 'https://attackerkb.com/topics/W6IDY2mmp9/cve-2024-36401']
         ],
         'DisclosureDate' => '2024-07-01',
         'Platform' => ['unix', 'linux'],
@@ -124,8 +124,8 @@ def get_valid_featuretype
       xml.remove_namespaces!
       # get all the FeatureTypes and store them in an array of strings
       retrieved_feature_types = xml.xpath('//ReturnFeatureType')
-      # shuffle the retrieved_feature_types array, and loop through the list of retrieved_feature_types from GeoServer.
-      # return the string value if a match is found in the allowed_feature_types array
+      # shuffle the retrieved_feature_types array, and loop through the list of retrieved_feature_types from GeoServer
+      # return the feature type if a match is found in the allowed_feature_types array
       retrieved_feature_types.to_a.shuffle.each do |feature_type|
         return feature_type.text if allowed_feature_types.include?(feature_type.text)
       end
