Fix #9876, minor updates to Drupalgeddon 2
1. Tested versions are already listed in the module doc, and we've tested more than just 7.57 and 8.4.5 now. Removing a source of potential inconsistency in the future. 2. No problem with ivars anymore. No idea what happened, but maybe I was just too tired to code. Removing cleanup method.
This commit is contained in:
William Vu
@@ -19,8 +19,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
This module exploits a Drupal property injection in the Forms API.
|
||||
|
||||
Drupal 6.x, < 7.58, 8.2.x, < 8.3.9, < 8.4.6, and < 8.5.1 are vulnerable.
|
||||
|
||||
Tested on 7.57 and 8.4.5.
|
||||
},
|
||||
'Author' => [
|
||||
'Jasper Mattsson', # Vulnerability discovery
|
||||
@@ -201,16 +199,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||
end
|
||||
end
|
||||
|
||||
# XXX: Ivars are being preserved
|
||||
def cleanup
|
||||
begin
|
||||
remove_instance_variable(:@version)
|
||||
rescue NameError
|
||||
end
|
||||
|
||||
super
|
||||
end
|
||||
|
||||
def dropper_assert
|
||||
php_file = Pathname.new(
|
||||
"#{datastore['WritableDir']}/#{random_crap}.php"
|
||||
|
||||
Reference in New Issue
Block a user