Land #9931, minor fixes for #9876 (Drupalgeddon 2)

4.x
William Vu 2018-04-25 18:14:12 -05:00 committed by Metasploit
parent d340ef2632
commit 492b6003b5
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 0 additions and 12 deletions

View File

@ -19,8 +19,6 @@ class MetasploitModule < Msf::Exploit::Remote
This module exploits a Drupal property injection in the Forms API. This module exploits a Drupal property injection in the Forms API.
Drupal 6.x, < 7.58, 8.2.x, < 8.3.9, < 8.4.6, and < 8.5.1 are vulnerable. Drupal 6.x, < 7.58, 8.2.x, < 8.3.9, < 8.4.6, and < 8.5.1 are vulnerable.
Tested on 7.57 and 8.4.5.
}, },
'Author' => [ 'Author' => [
'Jasper Mattsson', # Vulnerability discovery 'Jasper Mattsson', # Vulnerability discovery
@ -201,16 +199,6 @@ class MetasploitModule < Msf::Exploit::Remote
end end
end end
# XXX: Ivars are being preserved
def cleanup
begin
remove_instance_variable(:@version)
rescue NameError
end
super
end
def dropper_assert def dropper_assert
php_file = Pathname.new( php_file = Pathname.new(
"#{datastore['WritableDir']}/#{random_crap}.php" "#{datastore['WritableDir']}/#{random_crap}.php"