Fix check method.

modules/exploits/multi/http/nibbleblog_file_upload.rb

@@ -45,18 +45,6 @@ class Metasploit3 < Msf::Exploit::Remote
       ], self.class)
   end
 
-  def check
-    res = send_request_cgi(
-      'method'      => 'GET',
-      'uri'         => normalize_uri(target_uri.path, 'admin.php')
-    )
-
-    if res && res.code == 200 && res.body.include?('Sign in to Nibbleblog admin area')
-      return Exploit::CheckCode::Appears
-    end
-    Exploit::CheckCode::Safe
-  end
-
   def username
     datastore['USERNAME']
   end
@@ -65,6 +53,26 @@ class Metasploit3 < Msf::Exploit::Remote
     datastore['PASSWORD']
   end
 
+  def check
+    cookie = do_login(username, password)
+    return Exploit::CheckCode::Detected unless cookie
+
+    res = send_request_cgi(
+      'method'      => 'GET',
+      'uri'         => normalize_uri(target_uri.path, 'admin.php'),
+      'cookie'      => cookie,
+      'vars_get'    => {
+        'controller'  => 'settings',
+        'action'      => 'general'
+      }
+    )
+
+    if res && res.code == 200 && res.body.include?('Nibbleblog 4.0.3 "Coffee"')
+      return Exploit::CheckCode::Vulnerable
+    end
+    Exploit::CheckCode::Safe
+  end
+
   def do_login(user, pass)
     res = send_request_cgi(
       'method'      => 'GET',