From 7ea5c3ffcec593c6884da3d8a5d4e58eb5984390 Mon Sep 17 00:00:00 2001 From: Pedro Ribeiro Date: Thu, 28 Jan 2021 18:23:20 +0700 Subject: [PATCH] add clarification about c3p0 --- .../modules/exploit/multi/http/microfocus_obm_auth_rce.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/documentation/modules/exploit/multi/http/microfocus_obm_auth_rce.md b/documentation/modules/exploit/multi/http/microfocus_obm_auth_rce.md index f9737cb132..a19d657eb2 100644 --- a/documentation/modules/exploit/multi/http/microfocus_obm_auth_rce.md +++ b/documentation/modules/exploit/multi/http/microfocus_obm_auth_rce.md @@ -15,6 +15,8 @@ Exploiting this vulnerability will result in remote code execution as the root u Authentication is required, the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. Any authenticated user can exploit this vulnerability, even the lowest privileged ones. +The exploit uses a modified ysoserial c3p0 payload. The only part that is modified is that c3p0 is built using version 0.9.1.2, so that the serialVersionUid of the target is the same as the exploit. This can be achieved by patching ysoserial's pom.xml. + For more information refer to the advisory link: * https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBM.md
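Review bot: In the added paragraph of microfocus_obm_auth_rce.md, "serialVersionUid" should be spelled `serialVersionUID`, the name of the Java field, and the closing sentence "This can be achieved by patching ysoserial's pom.xml" does not say what the patch changes. Suggest naming the change explicitly, that is, setting the c3p0 dependency version in pom.xml to 0.9.1.2, so a reader can verify or rebuild the payload without guessing. It would also help to reword "so that the serialVersionUid of the target is the same as the exploit" to say that the c3p0 classes in the payload must carry the same serialVersionUID as the c3p0 classes on the target, and to note whether the module ships the prebuilt payload or expects the user to build it.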