added description, references

space-r7 · space-r7 · commit 3729e9ed7b66 · 2018-10-24T09:46:00.000-05:00
diff --git a/modules/auxiliary/admin/smb/webexec_command.rb b/modules/auxiliary/admin/smb/webexec_command.rb
@@ -17,7 +17,8 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'WebEx Remote Command Execution Utility',
       'Description'    => %q{
-      TODO
+        This module enables the execution of a single command as System by exploiting a remote
+        code execution vulnerability in Cisco's WebEx client software.
       },
 
       'Author'         => [
@@ -26,7 +27,8 @@ def initialize(info = {})
 
       'License'        => MSF_LICENSE,
       'References'     => [
-        # TODO
+        ['URL', 'https://webexec.org'],
+        ['CVE', '2018-15442']
       ]
     ))
 
@@ -35,12 +37,9 @@ def initialize(info = {})
       OptString.new('RPORT', [true, 'The Target port', 445]),
       OptString.new('FORCE_GUI', [true, 'Ensure a GUI is created via wmic', 'false']),
     ])
-
-    register_advanced_options([
-    ])
   end
 
-  # This is the main controle method
+  # This is the main control method
   def run_host(ip)
     @smbshare = datastore['SMBSHARE']
     @ip = ip
diff --git a/modules/exploits/windows/local/webexec.rb b/modules/exploits/windows/local/webexec.rb
@@ -17,11 +17,12 @@ def initialize(info={})
     super( update_info( info,
       'Name'        => 'WebEx local service permissions exploit',
       'Description' => %q{
-        This module exploits a a flaw in the 'webexservice' Windows service,  which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations.
+        This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations.
       },
       'References' =>
         [
-          ['URL', 'https://webexec.org']
+          ['URL', 'https://webexec.org'],
+          ['CVE', '2018-15442']
         ],
       'DisclosureDate' => "Oct 09 2018",
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/smb/webexec.rb b/modules/exploits/windows/smb/webexec.rb
@@ -27,7 +27,7 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'WebExec Authenticated User Code Execution',
       'Description'    => %q{
-        This module uses a valid  username and password of any level (or
+        This module uses a valid username and password of any level (or
         password hash) to execute an arbitrary payload. This module is similar
         to the "psexec" module, except allows any non-guest account by default.
       },
@@ -44,6 +44,7 @@ def initialize(info = {})
         },
       'References'     =>
         [
+          ['URL', 'https://webexec.org'],
           [ 'CVE', '2018-15442' ],
         ],
       'Payload'        =>
