From 092e4f93ad31aa4fc76a328755a06fec37a340fd Mon Sep 17 00:00:00 2001 From: Grant Willcox Date: Tue, 2 May 2023 15:50:46 -0500 Subject: [PATCH] Fix up incorrect user who we are executing as --- .../http/icinga_static_library_file_directory_traversal.md | 2 +- .../http/icinga_static_library_file_directory_traversal.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.md b/documentation/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.md index 01bf18dcf261..7ce11fb00b25 100644 --- a/documentation/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.md +++ b/documentation/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.md @@ -6,7 +6,7 @@ unauthenticated directory traversal vulnerability. The vulnerability is triggere through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the targets filesystem via a GET request to `/lib/icinga/icinga-php-thirdparty/` as the user -running the Icingaweb server, which will typically be the `incinga` user. +running the Icingaweb server, which will typically be the `www-data` user. This can then be used to retrieve sensitive configuration information from the target such as the configuration of various services, which may reveal sensitive login or configuration information, diff --git a/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb b/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb index 86df0cbfa0be..ae5e0a32b540 100644 --- a/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb 
@@ -19,7 +19,7 @@ def initialize(info = {}) through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the targets filesystem via a GET request to /lib/icinga/icinga-php-thirdparty/ as the user - running the Icingaweb server, which will typically be the incinga user. + running the Icingaweb server, which will typically be the www-data user. This can then be used to retrieve sensitive configuration information from the target such as the configuration of various services, which may reveal sensitive login
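Review bot: In the documentation hunk, replacing `incinga` with `www-data` fixes the typo but keeps an overly firm claim: the account reading the files is whatever the web server (or PHP-FPM pool) serving Icinga Web runs as, and `www-data` is the Debian/Ubuntu default, while RHEL-family packages use `apache` and a standalone nginx/php-fpm deployment may use `nginx`. Consider hedging the sentence, e.g. `as the user running the web server that serves Icinga Web, typically www-data on Debian-based systems or apache on RHEL-based systems`, so operators on other distributions are not misled about which files are reachable.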
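Review bot: The module-description hunk leaves the unchanged context line `retrieve arbitrary files from the targets filesystem` with a missing apostrophe (`target's`), and the same wording appears in the documentation file above; since both description blocks are being edited in this commit, correct it in both places now so the `.md` and the `info` hash in the `.rb` stay word-for-word in sync, which is how these two copies are normally kept.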