Update a few stragglers in Drupalgeddon 2

1. I added a missed header and YARD to the Drupal mixin. 2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00 · 2018-05-03 18:35:25 -05:00 · 88f09dc302
parent 29c8423d76
commit 88f09dc302
2 changed files with 15 additions and 2 deletions
--- a/lib/msf/core/exploit/http/drupal.rb
+++ b/lib/msf/core/exploit/http/drupal.rb
@ -1,3 +1,5 @@
+# -*- coding: binary -*-
+
 module Msf
 module Exploit::Remote::HTTP::Drupal

@ -19,6 +21,9 @@ module Exploit::Remote::HTTP::Drupal
    datastore['TARGETURI'] = normalize_uri(datastore['TARGETURI'], '/')
  end

+  # Determine Drupal version
+  #
+  # @return [Gem::Version] Version as Gem::Version
  def drupal_version
    res = send_request_cgi(
      'method' => 'GET',
@ -42,6 +47,10 @@ module Exploit::Remote::HTTP::Drupal
    version_match(generator.value)
  end

+  # Return CHANGELOG.txt
+  #
+  # @param version [Gem::Version] Gem::Version or version string
+  # @return [String] CHANGELOG.txt as a string
  def drupal_changelog(version)
    return unless version && Gem::Version.correct?(version)

@ -59,6 +68,10 @@ module Exploit::Remote::HTTP::Drupal
    res.body
  end

+  # Match a Drupal version
+  #
+  # @param string [String] String to match against
+  # @return [Gem::Version] Version as Gem::Version
  def version_match(string)
    return unless string

--- a/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb
+++ b/modules/exploits/unix/webapp/drupal_drupalgeddon2.rb
@ -293,9 +293,9 @@ class MetasploitModule < Msf::Exploit::Remote

    res =
      case @version.to_s
-      when '7'
+      when /^7\b/
        exploit_drupal7(func, cmd)
-      when '8'
+      when /^8\b/
        exploit_drupal8(func, cmd)
      end