From 9cf4372f2b624c27dac51b5faa52b2565fbf7dd2 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Tue, 16 Apr 2024 13:36:21 -0400
Subject: [PATCH] Clean up some of the module's documentation
---
 .../exploit/multi/http/pgadmin_session_deserialization.md | 4 +++-
 .../exploits/multi/http/pgadmin_session_deserialization.rb | 3 +--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/documentation/modules/exploit/multi/http/pgadmin_session_deserialization.md b/documentation/modules/exploit/multi/http/pgadmin_session_deserialization.md
index 4b93c3b16e13..64eafa54137e 100644
--- a/documentation/modules/exploit/multi/http/pgadmin_session_deserialization.md
+++ b/documentation/modules/exploit/multi/http/pgadmin_session_deserialization.md
@@ -1,4 +1,4 @@
-*## Vulnerable Application
+## Vulnerable Application
 pgAdmin versions <= 8.3 have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application.
@@ -41,6 +41,8 @@ For a production setup, a server like Apache should be setup to run pgAdmin thro
 1. [Download][1] and install the Windows build
 1. Copy the `config_distro.py` file to `config_local.py`
 1. Edit `config_local.py` and set `SERVER_MODE` to `True`
+1. Upgrade pip: `..\python\python.exe -m pip upgrade`
+1. Install python package required by `setup.py`: `..\python\python.exe -m pip install "psycopg[binary,pool]"`
 1. Initialize the database: `..\python\python.exe setup.py setup-db`
 1. Create an initial user account: `..\python\python.exe setup.py add-user --admin metasploit@gmail.com Password1!`
 1. Run the application: `..\python\python.exe pgAdmin4.py`
diff --git a/modules/exploits/multi/http/pgadmin_session_deserialization.rb b/modules/exploits/multi/http/pgadmin_session_deserialization.rb
index 4f14ea72ae01..ebbb090410bd 100644
--- a/modules/exploits/multi/http/pgadmin_session_deserialization.rb
+++ b/modules/exploits/multi/http/pgadmin_session_deserialization.rb
@@ -34,7 +34,6 @@ def initialize(info = {})
 'Spencer McIntyre', # metasploit module
 'Davide Silvetti', # vulnerability discovery and write up
 'Abdel Adim Oisfi' # vulnerability discovery and write up
-
 ],
 'License' => MSF_LICENSE,
 'References' => [
@@ -54,7 +53,7 @@ def initialize(info = {})
 'WfsDelay' => 5
 },
 'DefaultTarget' => 0,
- 'DisclosureDate' => '2024-03-04', # date it was patched https://github.com/pgadmin-org/pgadmin4/commit/4e49d752fba72953acceeb7f4aa2e6e32d25853d
+ 'DisclosureDate' => '2024-03-04', # date it was patched, see: https://github.com/pgadmin-org/pgadmin4/commit/4e49d752fba72953acceeb7f4aa2e6e32d25853d
 'Notes' => {
 'Stability' => [ CRASH_SAFE, ],
 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, ],