From e3df74ee5b6ff2287fcd2e4156dd4b7a6be19e84 Mon Sep 17 00:00:00 2001
From: h00die-gr3y
Date: Mon, 20 Mar 2023 21:04:58 +0000
Subject: [PATCH] Updates addressing review points of space-r7
---
 .../multi/http/monitorr_webshell_rce_cve_2020_28871.md | 4 ++--
 .../multi/http/monitorr_webshell_rce_cve_2020_28871.rb | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/documentation/modules/exploit/multi/http/monitorr_webshell_rce_cve_2020_28871.md b/documentation/modules/exploit/multi/http/monitorr_webshell_rce_cve_2020_28871.md
index 3bea379acd..476001392f 100644
--- a/documentation/modules/exploit/multi/http/monitorr_webshell_rce_cve_2020_28871.md
+++ b/documentation/modules/exploit/multi/http/monitorr_webshell_rce_cve_2020_28871.md
@@ -1,7 +1,7 @@
 ## Vulnerable Application
-This module exploits CVE-2020-28871, a Remote Code Execution (RCE) vulnerability in Monitorr, a web application
-that allows you to setup a dashboard to monitor various web site/web application up or down state.
+This module exploits an arbitrary file upload vulnerability (CVE-2020-28871) that results into an RCE in Monitorr,
+a web application that allows you to setup a dashboard to monitor various web site/web application up or down state.
 All versions including `v1.7.6m` are vulnerable and no patch is available.
 The vulnerability occurs due to a lack of appropriate validation when uploading a malicious `GIF` file with
diff --git a/modules/exploits/multi/http/monitorr_webshell_rce_cve_2020_28871.rb b/modules/exploits/multi/http/monitorr_webshell_rce_cve_2020_28871.rb
index 177363c35b..af5d50b8be 100644
--- a/modules/exploits/multi/http/monitorr_webshell_rce_cve_2020_28871.rb
+++ b/modules/exploits/multi/http/monitorr_webshell_rce_cve_2020_28871.rb
@@ -18,15 +18,15 @@ class MetasploitModule < Msf::Exploit::Remote
 info,
 'Name' => 'Monitorr unauthenticated Remote Code Execution (RCE)',
 'Description' => %q{
- This module exploits a Remote Code Execution vulnerability that has been identified in the Monitorr application.
+ This module exploits an arbitrary file upload vulnerability and achieving an RCE in the Monitorr application.
 Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileges can exploit this vulnerability and it results in access to the underlying operating system with the same privileges under which the web services run (typically user www-data). Monitorr 1.7.6m, 1.7.7d and below are affected.
 },
 'Author' => [
- 'Lyhins Lab', # discovery
- 'h00die-gr3y ' # Metasploit module
+ 'h00die-gr3y ', # Metasploit module
+ 'Lyhins Lab' # discovery
 ],
 'References' => [
 [ 'CVE', '2020-28871' ],
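Review bot: The new first sentence of 'Description' is ungrammatical ("exploits an arbitrary file upload vulnerability and achieving an RCE") and would read better as `This module exploits an arbitrary file upload vulnerability to achieve remote code execution in the Monitorr application.`; the matching new line in the documentation hunk has the same slip ("results into an RCE" should be "results in RCE"). The two files also state the affected range differently: the unchanged context here says "Monitorr 1.7.6m, 1.7.7d and below are affected", while the documentation says "All versions including `v1.7.6m` are vulnerable and no patch is available". Anyone using this text to decide whether a deployment is exposed needs a single consistent statement. The unchanged "Any user privileges can exploit this vulnerability" would also be clearer as a plain statement that no authentication is required, which is what the 'Name' field already says. The enclosing module-info hash starts above and continues below this hunk.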