Lucene search
K

6 matches found

0day.today
0day.today
added 2018/03/29 12:0 a.m.900 views

Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (Admin Session) Exploit

Exploit for php platform in category web applications //· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url ||...

7.5CVSS0.3AI score0.99974EPSS
Exploits20
Nmap
Nmap
added 2015/12/14 9:29 p.m.1443 views

http-vuln-cve2014-3704 NSE Script

Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions 7.32 of Drupal core are known to be affected. Vulnerability allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. The script injects new Drupal administrator user via login form and the...

10CVSS0.99974EPSS
Exploits53
Exploit DB
Exploit DB
added 2014/11/03 12:0 a.m.86 views

Drupal 7.0 &lt; 7.31 - &#039;Drupalgeddon&#039; SQL Injection (Admin Session)

//· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url || strpos$url,'https' === False echo "please state the cook...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2014/11/03 12:0 a.m.21 views

Drupal 7.0 7.31 - Drupalgeddon SQL Injection (Remote Code Execution)

Drupal 7.0 7.31 - Drupalgeddon SQL Injection Remote Code Execution // and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url =...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/03 12:0 a.m.177 views

Drupal 7.0 &lt; 7.31 - &#039;Drupalgeddon&#039; SQL Injection (Remote Code Execution)

// and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $code|$file'."\n"; die; ...

7.4AI score
Exploits0
OSV
OSV
added 2014/10/15 12:0 a.m.34 views

DSA-3051-1 drupal7 - security update

Bulletin has no description...

7.5CVSS6.7AI score0.99974EPSS
Exploits20
Rows per page
Query Builder