
23 matches found

Gitee
added 2025/08/03 5:6 a.m., 66 views

vulns

It is an offensive tool for Linux. The repository, 'vulns', contains a collection of vulnerabilities and attacks, including Slowloris, BEAST, CRIME, BREACH, TIME, Heartbleed, CCS Injection, Shellshock, Drupalgeddon, POODLE, goto fail, GHOST, FREAK, Superfish, Rowhammer, Logjam, Stagefright, VENOM...

6.9 AI score
Exploits: 0

Imperva Blog
added 2019/02/25 9:22 p.m., 73 views

Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers

Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit — still working at time of this writing — has been used in dozens of unsuccessful attacks against our customers, with an unknown number of attacks, some like...

7.9 AI score
Exploits: 0

Tenable Nessus
added 2019/01/03 12:0 a.m., 71 views

Fedora 28 : drupal8 (2018-8fd924a53d) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/8.4.8 - https://www.drupal.org/SA-CORE-2018-004 - https://www.drupal.org/project/drupal/releases/8.4.7 - https://www.drupal.org/sa-core-2018-003 RPM update: drupal8-rpmbuild package dependencies fixed Note that Tenable Network Security has extracted...

9.8 CVSS, 6.9 AI score, 0.94382 EPSS
Exploits: 14, References: 3

Tenable Nessus
added 2019/01/03 12:0 a.m., 56 views

Fedora 28 : drupal7 (2018-43c64deada) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

9.8 CVSS, 7.1 AI score, 0.94382 EPSS
Exploits: 14, References: 2

ThreatPost
added 2018/11/19 4:20 p.m., 565 views

Cryptojacking Attack Targets Make-A-Wish Foundation Website

Hackers have been stealing CPU-cycles from visitors to the Make-A-Wish Foundation’s international website in order to mine for Monero cryptocurrency. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2...

7.5 CVSS, 9.9 AI score, 0.94489 EPSS
Exploits: 45, References: 6

ThreatPost
added 2018/10/11 8:24 p.m., 181 views

New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called PerlBot or Shellbot. Researchers a...

7.5 CVSS, 0.4 AI score, 0.94489 EPSS
Exploits: 45, References: 8

Qualys Blog
added 2018/07/25 5:0 p.m., 397 views

Staying Safe in the Era of Browser-based Cryptocurrency Mining

Qualys Malware Research Labs is announcing the release of Qualys BrowserCheck CoinBlocker Chrome extension to detect and block browser-based cryptocurrency mining, aka cryptojacking. Cryptojacking Cryptojacking attacks leverage the victim system’s resources via malicious JavaScript to mine certai...

7.5 CVSS, 0.3 AI score, 0.94489 EPSS
Exploits: 45

Malwarebytes
added 2018/05/18 3:0 p.m., 696 views

A look into Drupalgeddon’s client-side attacks

Drupal is one of the most popular Content Management Systems (CMS), along with WordPress and Joomla. In late March 2018, Drupal was affected by a major remote code execution vulnerability (CVE-2018-7600) followed by yet another (CVE-2018-7602) almost a month later, both aptly nicknamed Drupalgeddon 2 a...

7.5 CVSS, 10 AI score, 0.94489 EPSS
Exploits: 57

Tenable Nessus
added 2018/05/11 12:0 a.m., 53 views

Fedora 26 : drupal7 (2018-2359c2ae0e) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

9.8 CVSS, 7.1 AI score, 0.94382 EPSS
Exploits: 14, References: 2

Tenable Nessus
added 2018/05/11 12:0 a.m., 53 views

Fedora 27 : drupal7 (2018-b9ad458866) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

9.8 CVSS, 7.1 AI score, 0.94382 EPSS
Exploits: 14, References: 2

ThreatPost
added 2018/05/03 4:57 p.m., 87 views

Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0

Yet another bad actor has taken advantage of Drupal sites still vulnerable to “Drupalgeddon 2.0,” this time to mine cryptocurrency. The bad script, dubbed the “Kitty” cryptomining malware, takes advantage of the known critical remote-code execution vulnerability in Drupal (CVE-2018-7600) to target...

7.5 CVSS, 9.9 AI score, 0.94489 EPSS
Exploits: 45, References: 8

Tenable Nessus
added 2018/04/27 12:0 a.m., 39 views

Debian DLA-1365-1 : drupal7 security update (Drupalgeddon 2)

A remote code execution vulnerability has been found within multiple subsystems of Drupal. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. For Debian 7 'Wheezy', these problems have been fixed in version...

9.8 CVSS, 7.9 AI score, 0.94382 EPSS
Exploits: 14, References: 3

Packet Storm
added 2018/04/26 12:0 a.m., 192 views

Drupal Drupalgeddon 2 Forms API Property Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal...

7.5 CVSS, 0.3 AI score, 0.94489 EPSS
Exploits: 45

0day.today
added 2018/04/26 12:0 a.m., 716 views

Drupal Drupalgeddon 2 Forms API Property Injection Exploit

This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5 CVSS, 10 AI score, 0.94489 EPSS
Exploits: 45

Wallarm Lab
added 2018/04/20 7:31 p.m., 1069 views

Drupalgeddon Two.

New Drupal Vulnerability in Detail By @aLLy The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user to execute commands in the target system by means of a...

7.5 CVSS, 10 AI score, 0.94489 EPSS
Exploits: 45

Metasploit
added 2018/04/18 12:5 a.m., 295 views

Drupal Drupalgeddon 2 Forms API Property Injection

This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Jasper Mattsson', Vulnerability discovery 'a2u', Proof of concept...

9.8 CVSS, 9.7 AI score, 0.94489 EPSS
Exploits: 45

GithubExploit
added 2018/04/14 12:26 p.m., 3 views

Exploit for Improper Input Validation in Drupal

Drupalgeddon 2 MSF exploit module for Drupalgeddon 2 CVE-201...

9.8 CVSS, 9.3 AI score, 0.94489 EPSS
Exploits: 45

Imperva Blog
added 2018/04/13 7:13 p.m., 970 views

Drupalgeddon 2.0: Are Hackers Slacking Off?

Ever since March 28th, when Drupal published a patch for a RCE named Drupalgeddon 2.0 (SA-CORE-2018-002/CVE-2018-7600), Imperva has been monitoring our cloud looking for hackers’ attempts to exploit the vulnerability, but found nothing. Until today. It somehow seems fitting that nefarious activity...

7.5 CVSS, 1.2 AI score, 0.94489 EPSS
Exploits: 45

Tenable Nessus
added 2018/03/29 12:0 a.m., 84 views

Debian DSA-4156-1 : drupal7 - security update (Drupalgeddon 2)

A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002 (C) Tenable Network Security, Inc. The descriptive text and package checks in...

9.8 CVSS, 8.5 AI score, 0.94489 EPSS
Exploits: 45, References: 7

Exploit DB
added 2014/11/03 12:0 a.m., 176 views

Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Remote Code Execution)

// and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $code|$file'."\n"; die; ...

7.4 AI score
Exploits: 0