diff --git a/modules/exploits/multi/http/drupal_drupageddon.rb b/modules/exploits/multi/http/drupal_drupageddon.rb
index bcebad5820..689baf6a0f 100644
--- a/modules/exploits/multi/http/drupal_drupageddon.rb
+++ b/modules/exploits/multi/http/drupal_drupageddon.rb
@@ -28,7 +28,9 @@ class Metasploit3 < Msf::Exploit::Remote
         ],
       'References'     =>
         [
-	  ['CVE', '2014-3704']
+          ['CVE', '2014-3704'],
+          ['URL', 'https://www.drupal.org/SA-CORE-2014-005'],
+          ['URL', 'http://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html']
         ],
       'Privileged'     => false,
       'Platform'       => ['php'],
@@ -112,7 +114,6 @@ class Metasploit3 < Msf::Exploit::Remote
   def exploit
 
     # TODO: Password hashing function
-    # TODO: Check returns from regex matches, fail if nil
     # TODO: Check if option admin_role exists via admin/people/permissions/roles
 
     # call login page to extract tokens
@@ -201,7 +202,6 @@ class Metasploit3 < Msf::Exploit::Remote
     enabled_module_regex = /name="(.+)" value="1" checked="checked" class="form-checkbox"/
     enabled_matches = res.body.to_enum(:scan, enabled_module_regex).map { Regexp.last_match }
 
-
     unless enabled_matches
       fail_with(Failure::Unknown, "No modules enabled is incorrect, bailing.")
     end
@@ -338,4 +338,3 @@ class Metasploit3 < Msf::Exploit::Remote
     )
   end
 end
-