From 492b6003b57d4070a7644cb0573214d17e8cd37a Mon Sep 17 00:00:00 2001 From: William Vu Date: Wed, 25 Apr 2018 18:14:12 -0500 Subject: [PATCH] Land #9931, minor fixes for #9876 (Drupalgeddon 2) --- modules/exploits/unix/webapp/drupal_drupalgeddon2.rb | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb b/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb index f7e2c09cc9..59bce898c4 100644 --- a/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb +++ b/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb @@ -19,8 +19,6 @@ class MetasploitModule < Msf::Exploit::Remote This module exploits a Drupal property injection in the Forms API. Drupal 6.x, < 7.58, 8.2.x, < 8.3.9, < 8.4.6, and < 8.5.1 are vulnerable. - - Tested on 7.57 and 8.4.5. }, 'Author' => [ 'Jasper Mattsson', # Vulnerability discovery @@ -201,16 +199,6 @@ class MetasploitModule < Msf::Exploit::Remote end end - # XXX: Ivars are being preserved - def cleanup - begin - remove_instance_variable(:@version) - rescue NameError - end - - super - end - def dropper_assert php_file = Pathname.new( "#{datastore['WritableDir']}/#{random_crap}.php"