Clean up some of the module's documentation
zeroSteiner committed Apr 16, 2024
1 parent 80a8ffd commit 9cf4372
Showing 2 changed files with 4 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
*## Vulnerable Application
## Vulnerable Application
pgAdmin versions <= 8.3 have a path traversal vulnerability within their session management logic that can allow a
pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to
execute code within the context of the target application.
Expand Down Expand Up @@ -41,6 +41,8 @@ For a production setup, a server like Apache should be setup to run pgAdmin thro
1. [Download][1] and install the Windows build
1. Copy the `config_distro.py` file to `config_local.py`
1. Edit `config_local.py` and set `SERVER_MODE` to `True`
1. Upgrade pip: `..\python\python.exe -m pip upgrade`
1. Install python package required by `setup.py`: `..\python\python.exe -m pip install "psycopg[binary,pool]"`
1. Initialize the database: `..\python\python.exe setup.py setup-db`
1. Create an initial user account: `..\python\python.exe setup.py add-user --admin [email protected] Password1!`
1. Run the application: `..\python\python.exe pgAdmin4.py`
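Review bot: The added pip step, `..\python\python.exe -m pip upgrade`, will fail because pip has no `upgrade` subcommand; upgrading pip itself is done with `..\python\python.exe -m pip install --upgrade pip`. In the step after it, "python package" should be capitalized as "Python package" to match the rest of the list.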
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ def initialize(info = {})
'Spencer McIntyre', # metasploit module
'Davide Silvetti', # vulnerability discovery and write up
'Abdel Adim Oisfi' # vulnerability discovery and write up

],
'License' => MSF_LICENSE,
'References' => [
Expand All @@ -54,7 +53,7 @@ def initialize(info = {})
'WfsDelay' => 5
},
'DefaultTarget' => 0,
'DisclosureDate' => '2024-03-04', # date it was patched https://github.com/pgadmin-org/pgadmin4/commit/4e49d752fba72953acceeb7f4aa2e6e32d25853d
'DisclosureDate' => '2024-03-04', # date it was patched, see: https://github.com/pgadmin-org/pgadmin4/commit/4e49d752fba72953acceeb7f4aa2e6e32d25853d
'Notes' => {
'Stability' => [ CRASH_SAFE, ],
'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, ],
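Review bot: On the 'DisclosureDate' line, the comment says the value is the date the fix was committed rather than a public disclosure date, and the upstream commit URL appears only in that trailing comment. If that commit is not already listed under 'References', add it there as a URL entry so it shows up in the module's info output, and shorten the comment to something like `# date of the upstream patch`.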
Expand Down
