Update documentation to include missing extra options I forgot to doc…

…ument, edit the wording on the module to match the documentation, and do final touch ups.
rapid7 · Dec 23, 2020 · 70f8ff3 · 70f8ff3
1 parent 8a932b8
commit 70f8ff3
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/documentation/modules/exploit/multi/http/struts2_multi_eval_ognl.md b/documentation/modules/exploit/multi/http/struts2_multi_eval_ognl.md
@@ -1,10 +1,10 @@
 ## Vulnerable Application
 The Apache Struts framework, when forced, performs double evaluation of attributes' values assigned to certain tags
-attributes such as `id`. It is therefore possible to pass in a value to Structs that will be evaluated again
+attributes such as `id`. It is therefore possible to pass in a value to Struts that will be evaluated again
 when a tag's attributes are rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE).
 
-This vulnerability is application dependant. A server side template must make use of the data sent in an attacker's
-request to render a HTML tag attribute in order to be vulnerable.
+This vulnerability is application dependant. A server side template must make an affected use of request data to
+render an HTML tag attribute.
 
 Vulnerable versions of Apache Struts for both CVEs are provided by [vulhub][1] on GitHub. The setup instructions are identical
 for both CVEs, just use the provided files in the correct directory.
@@ -76,7 +76,13 @@ value to determine if it can be used to evaluate OGNL expressions.
 The CVE to try exploit on `RHOSTS`, either `CVE-2020-17530` or `CVE-2019-0230`.
 
 ### TARGETURI
-The base path to a valid Structs application on the target machine or machines.
+The base path to a valid Struts application on the target machine or machines.
+
+### CMDSTAGER::DELAY
+Delay between command executions. Set this value higher if the target tends to be slow to respond.
+
+### HttpCookie
+An optional cookie to include when making the HTTP request.
 
 ## Scenarios
 

diff --git a/modules/exploits/multi/http/struts2_multi_eval_ognl.rb b/modules/exploits/multi/http/struts2_multi_eval_ognl.rb
@@ -16,9 +16,9 @@ def initialize(info = {})
         info,
         'Name' => 'Apache Struts 2 Forced Multi OGNL Evaluation',
         'Description' => %q{
-          The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to certain
-          tags attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's
-          attributes will be rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE).
+          The Apache Struts framework, when forced, performs double evaluation of attributes' values assigned to certain tags
+          attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a
+          tag's attributes are rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE).
 
           This vulnerability is application dependant. A server side template must make an affected use of request data to
           render an HTML tag attribute.