Immunity Canvas: DRUPAL_NAME_SQLI

2014-10-15T20:55:06
ID DRUPAL_NAME_SQLI
Type canvas
Reporter Immunity Canvas
Modified 2014-10-15T20:55:06

Description

Name| drupal_name_sqli
---|---
CVE| CVE-2014-3704
Exploit Pack| CANVAS
Description| Drupal injection exploit
Notes| CVE Name: CVE-2014-3704
VENDOR: drupal.org
Notes:

This exploit replaces the password of 'Drupal User' with 'Drupal Password'.
If uid is specified, 'Drupal User' is ignored.

Repeatability: Infinite
References: ['https://www.drupal.org/SA-CORE-2014-005']
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704