From 88f09dc30279d892108a5e5d274556e94fc3a07e Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Thu, 3 May 2018 18:35:25 -0500
Subject: [PATCH] Update a few stragglers in Drupalgeddon 2

1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
---
 lib/msf/core/exploit/http/drupal.rb                 | 13 +++++++++++++
 .../exploits/unix/webapp/drupal_drupalgeddon2.rb    |  4 ++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/msf/core/exploit/http/drupal.rb b/lib/msf/core/exploit/http/drupal.rb
index 766232a4ed..d630f404c2 100644
--- a/lib/msf/core/exploit/http/drupal.rb
+++ b/lib/msf/core/exploit/http/drupal.rb
@@ -1,3 +1,5 @@
+# -*- coding: binary -*-
+
 module Msf
 module Exploit::Remote::HTTP::Drupal
 
@@ -19,6 +21,9 @@ module Exploit::Remote::HTTP::Drupal
     datastore['TARGETURI'] = normalize_uri(datastore['TARGETURI'], '/')
   end
 
+  # Determine Drupal version
+  #
+  # @return [Gem::Version] Version as Gem::Version
   def drupal_version
     res = send_request_cgi(
       'method' => 'GET',
@@ -42,6 +47,10 @@ module Exploit::Remote::HTTP::Drupal
     version_match(generator.value)
   end
 
+  # Return CHANGELOG.txt
+  #
+  # @param version [Gem::Version] Gem::Version or version string
+  # @return [String] CHANGELOG.txt as a string
   def drupal_changelog(version)
     return unless version && Gem::Version.correct?(version)
 
@@ -59,6 +68,10 @@ module Exploit::Remote::HTTP::Drupal
     res.body
   end
 
+  # Match a Drupal version
+  #
+  # @param string [String] String to match against
+  # @return [Gem::Version] Version as Gem::Version
   def version_match(string)
     return unless string
 
diff --git a/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb b/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb
index 6f141db972..f003c871a9 100644
--- a/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb
+++ b/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb
@@ -293,9 +293,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     res =
       case @version.to_s
-      when '7'
+      when /^7\b/
         exploit_drupal7(func, cmd)
-      when '8'
+      when /^8\b/
         exploit_drupal8(func, cmd)
       end