Fixups for release

2024-10-29 18:07:27 +01:00 · 2015-03-31 11:02:12 -05:00 · 2015-03-31 11:02:12 -05:00 · d1318d1b48
commit d1318d1b48
parent 86d8aab854
3 changed files with 16 additions and 12 deletions
--- a/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb
+++ b/modules/auxiliary/admin/http/wp_wplms_privilege_escalation.rb
@ -13,15 +13,16 @@ class Metasploit3 < Msf::Auxiliary
      info,
      'Name'            => 'WordPress WPLMS Theme Privilege Escalation',
      'Description'     => %q{
-          The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows authenticated users of
-          any user level to set any system option via a lack of validation in the import_data function
-          of /includes/func.php.
+          The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an
+          authenticated user of any user level to set any system option due to a lack of
+          validation in the import_data function of /includes/func.php.

          The module first changes the admin e-mail address to prevent any
-          notifications being sent to the actual administrator during the attack, re-enables user
-          registration in case it has been disabled and sets the default role to be administrator.
-          This will allow for the user to create a new account with admin privileges via the default
-          registration page found at /wp-login.php?action=register.
+          notifications being sent to the actual administrator during the attack,
+          re-enables user registration in case it has been disabled and sets the default
+          role to be administrator.  This will allow for the user to create a new account
+          with admin privileges via the default registration page found at
+          /wp-login.php?action=register.
      },
      'Author'          =>
        [
--- a/modules/auxiliary/gather/ms14_052_xmldom.rb
+++ b/modules/auxiliary/gather/ms14_052_xmldom.rb
@ -15,9 +15,9 @@ class Metasploit3 < Msf::Auxiliary
    super(update_info(info,
      'Name'           => "MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure",
      'Description'    => %q{
-        This module will use the Microsoft XMLDOM object to enumerate a remote user's filenames.
+        This module will use the Microsoft XMLDOM object to enumerate a remote machine's filenames.
        It will try to do so against Internet Explorer 8 and Internet Explorer 9. To use it, you
-        must supply your own list of file paths. Each file's format should look like this:
+        must supply your own list of file paths. Each file path should look like this:
        c:\\\\windows\\\\system32\\\\calc.exe
      },
      'License'        => MSF_LICENSE,
--- a/modules/post/windows/gather/credentials/mssql_local_hashdump.rb
+++ b/modules/post/windows/gather/credentials/mssql_local_hashdump.rb
@ -17,11 +17,14 @@ class Metasploit3 < Msf::Post
    super( update_info( info,
        'Name'          => 'Windows Gather Local SQL Server Hash Dump',
        'Description'   => %q{ This module extracts the usernames and password
-        hashes from a MSSQL server and stores them in the loot using the
-        same technique in mssql_local_auth_bypass (Credits: Scott Sutherland)
+        hashes from an MSSQL server and stores them as loot. It uses the
+        same technique in mssql_local_auth_bypass.
        },
        'License'       => MSF_LICENSE,
-        'Author'        => [ 'Mike Manzotti <mike.manzotti[at]dionach.com>'],
+        'Author'        => [
+            'Mike Manzotti <mike.manzotti[at]dionach.com>',
+            'nullbind' # Original technique
+          ],
        'Platform'      => [ 'win' ],
        'SessionTypes'  => [ 'meterpreter' ],
        'References'  =>