From 3fb9eae68767a978efebc1c22faaf629accfbbc8 Mon Sep 17 00:00:00 2001 From: Scott Davis Date: Thu, 23 Jun 2016 15:40:16 -0700 Subject: [PATCH] EOL space if a ruby devil. --- modules/exploits/multi/fileformat/swagger_param_inject.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/exploits/multi/fileformat/swagger_param_inject.rb b/modules/exploits/multi/fileformat/swagger_param_inject.rb index 0165d019bc..0a69bd902f 100644 --- a/modules/exploits/multi/fileformat/swagger_param_inject.rb +++ b/modules/exploits/multi/fileformat/swagger_param_inject.rb @@ -27,10 +27,10 @@ class MetasploitModule < Msf::Exploit::Remote This module generates a Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. - In order for the payload to be executed, an attacker must convince someone to - generate code from a specially modified swagger.json file within a vulnerable swagger-codgen - appliance/container/api/service, and then to execute that generated code (or include it into - software which will later be executed by another victim). By doing so, an attacker can execute + In order for the payload to be executed, an attacker must convince someone to + generate code from a specially modified swagger.json file within a vulnerable swagger-codgen + appliance/container/api/service, and then to execute that generated code (or include it into + software which will later be executed by another victim). By doing so, an attacker can execute arbitrary code as the victim user. (The same vulnerability exists in the YAML format) }, 'License' => MSF_LICENSE,