Land #9970, final update to Drupalgeddon 2

4.x
William Vu 2018-05-03 18:41:34 -05:00 committed by Jeffrey Martin
parent 935fa6414e
commit a74b2b5716
No known key found for this signature in database
GPG Key ID: 0CD9BBC2AF15F171
2 changed files with 15 additions and 2 deletions

View File

@ -1,3 +1,5 @@
# -*- coding: binary -*-
module Msf
module Exploit::Remote::HTTP::Drupal
@ -19,6 +21,9 @@ module Exploit::Remote::HTTP::Drupal
datastore['TARGETURI'] = normalize_uri(datastore['TARGETURI'], '/')
end
# Determine Drupal version
#
# @return [Gem::Version] Version as Gem::Version
def drupal_version
res = send_request_cgi(
'method' => 'GET',
@ -42,6 +47,10 @@ module Exploit::Remote::HTTP::Drupal
version_match(generator.value)
end
# Return CHANGELOG.txt
#
# @param version [Gem::Version] Gem::Version or version string
# @return [String] CHANGELOG.txt as a string
def drupal_changelog(version)
return unless version && Gem::Version.correct?(version)
@ -59,6 +68,10 @@ module Exploit::Remote::HTTP::Drupal
res.body
end
# Match a Drupal version
#
# @param string [String] String to match against
# @return [Gem::Version] Version as Gem::Version
def version_match(string)
return unless string

View File

@ -293,9 +293,9 @@ class MetasploitModule < Msf::Exploit::Remote
res =
case @version.to_s
when '7'
when /^7\b/
exploit_drupal7(func, cmd)
when '8'
when /^8\b/
exploit_drupal8(func, cmd)
end