Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix.

Co-authored-by: Jonhnathan <[email protected]>

Author: sfewer-r7

modules/exploits/windows/http/sharepoint_toolpane_rce.rb

@@ -96,7 +96,7 @@ def check
     # The returned HTML will have a blob of JavaScript that contains a hash object called _spPageContextInfo. A key
     # called siteClientTag will have a value of the current SharePoint Server patch level. We cannot rely on the HTTP
     # header value MicrosoftSharePointTeamServices as this may not reflect the actual patch level.
-    site_client_tag = res.body.match(/"siteClientTag"\s*:\s*"\d*[$]+([^"]+)",/)
+    site_client_tag = res.body.match(/"*siteClientTag"*\s*:\s*"\d*[$]+([^"]+)",/)
 
     return CheckCode::Unknown('Unable to extract the siteClientTag') unless site_client_tag