Fedora 21 : drupal7-7.32-1.fc21 (2014-12934)

Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Drupal Core SQLi Vulnerability (SA-CORE-2014-005) - Active Check

Drupal is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

Fedora 19 : drupal7-7.32-1.fc19 (2014-13053)

Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Drupal HTTP Parameter Key/Value SQL Injection Vulnerability

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 was fixed in 7.32. This module requires Metasploit:...

Drupal Core 7.32 SQL Injection

Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Creditz to https://www.reddit.com/user/fyukyuk import urllib2,sys from drupalpass import DrupalHash https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py host = sys.argv1 user = sys.argv2...

Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (1)

Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Creditz to https://www.reddit.com/user/fyukyuk EDB Note Updated version: https://github.com/kenorb/drupageddon/blob/master/drupal7.xsqlinjectionsa-core-2014-005.py import urllib2,sys from drupalpass import DrupalHas...

Drupal 7.X SQL Injection

!/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and the author can not be held liable fo...

Immunity Canvas: DRUPAL_NAME_SQLI

Name| drupalnamesqli ---|--- CVE| CVE-2014-3704 Exploit Pack| CANVAS Description| Drupal injection exploit Notes| CVE Name: CVE-2014-3704 VENDOR: drupal.org Notes: This exploit replaces the password of 'Drupal User' with 'Drupal Password'. If uid is specified, 'Drupal User' is ignored...