From 8b9043c3f3005573539a1b11e3358eb3f0fb723f Mon Sep 17 00:00:00 2001
From: h00die <michaeltcyr@gmail.com>
Date: Mon, 9 Nov 2020 16:03:23 -0500
Subject: [PATCH] add drupal views version info

---
 modules/auxiliary/scanner/http/drupal_views_user_enum.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
index 1cd4b94283..0a21f6b9c1 100644
--- a/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
+++ b/modules/auxiliary/scanner/http/drupal_views_user_enum.rb
@@ -14,7 +14,9 @@ class MetasploitModule < Msf::Auxiliary
       'Name'           => 'Drupal Views Module Users Enumeration',
       'Description'    => %q{
         This module exploits an information disclosure vulnerability in the 'Views'
-        module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'
+        module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'.
+        Drupal 6 with 'Views' module <= 6.x-2.11 are vulnerable.  Drupal does not
+        consider disclosure of usernames as a weakness.
       },
       'Author'         =>
         [
@@ -26,6 +28,7 @@ class MetasploitModule < Msf::Auxiliary
       'References'     =>
         [
           ['URL', 'http://www.madirish.net/node/465'],
+          ['URL', 'https://www.drupal.org/node/1004778'],
         ],
       'DisclosureDate' => '2010-07-02'
     ))