New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #9876, second round of Drupalgeddon 2 updates #9968

Merged
merged 1 commit into from May 3, 2018

Conversation

Projects
None yet
2 participants
@wvu-r7
Copy link
Contributor

wvu-r7 commented May 3, 2018

WIP

A mixin has been created for Drupal. Targeting has also been improved.

#9876, #9931

@wvu-r7 wvu-r7 added module bug labels May 3, 2018

@wvu-r7 wvu-r7 force-pushed the wvu-r7:bug/drupal branch 8 times, most recently from 0027ee6 to 9e05855 May 3, 2018

@wvu-r7 wvu-r7 added the delayed label May 3, 2018

Fix #9876, second round of Drupalgeddon 2 updates
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)

@wvu-r7 wvu-r7 force-pushed the wvu-r7:bug/drupal branch from 9e05855 to 728d7bc May 3, 2018

@wvu-r7 wvu-r7 removed the delayed label May 3, 2018

@wvu-r7 wvu-r7 self-assigned this May 3, 2018

@wvu-r7

This comment has been minimized.

Copy link
Contributor

wvu-r7 commented May 3, 2018

Verified working against all targets.

wvu-r7 added a commit to wvu-r7/metasploit-framework that referenced this pull request May 3, 2018

@wvu-r7 wvu-r7 merged commit 728d7bc into rapid7:master May 3, 2018

1 of 3 checks passed

Metasploit Automation - Sanity Test Execution Build triggered. sha1 is merged.
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
Metasploit Automation - Test Execution Successfully ran `autoPayloadTest.py`.
Details
return unless string

# Perl devs love me; Ruby devs hate me
string =~ /^Drupal ([\d.]+)/

This comment has been minimized.

@wvu-r7

wvu-r7 May 3, 2018

Contributor

AFAICT, this is only the major version, but I've included . in case that ever changes.

@@ -282,9 +293,9 @@ def execute_command(cmd, opts = {})

res =
case @version.to_s
when '7.x'
when '7'

This comment has been minimized.

@wvu-r7

wvu-r7 May 3, 2018

Contributor

This could be /^7\b/, but the full version hasn't been observed yet.

https://github.com/rapid7/metasploit-framework/pull/9968/files#r185957070

@wvu-r7 wvu-r7 deleted the wvu-r7:bug/drupal branch May 3, 2018

@@ -381,7 +326,7 @@ def exploit_drupal7(func, code)

res = send_request_cgi(
'method' => 'POST',
'uri' => target_uri.path,
'uri' => normalize_uri(target_uri.path),

This comment has been minimized.

@wvu-r7

wvu-r7 May 3, 2018

Contributor

Technically TARGETURI is already normalized in setup, but this is the only way to be sure.

This comment has been minimized.

@wvu-r7

wvu-r7 May 3, 2018

Contributor

💥 🌎

@wvu-r7

This comment has been minimized.

Copy link
Contributor

wvu-r7 commented May 3, 2018

Release Notes

The Drupal Drupalgeddon 2 exploit now uses a newly created Drupal mixin. Targeting has also been improved, including reporting if Drupal appears patched via CHANGELOG.txt.

jmartin-r7 added a commit that referenced this pull request May 4, 2018

@tdoan-r7 tdoan-r7 added the rn-fix label May 17, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment