Content Management Systems
Interesting Writeups
Drupal
Enumeration
Drupalgeddon2 RCE [ Drupal < 7.58 | 8.x < 8.3.9 | 8.4.x < 8.4.6 | 8.5.x < 8.5.1]
CVE 2018-7600
Detailed Write-up:https://research.checkpoint.com/2018/uncovering-drupalgeddon-2/
Exploit 1
Download Exploit
Exploit 2
May not always work
Drupal 8.x [CVE-2019–6340]
Unauthenticated remote code execution flaw in Drupal 8’s REST API module, which affects websites with Drupal REST API option enabled.
Exploit guide : https://medium.com/@briskinfosec/drupal-core-remote-code-execution-vulnerability-cve-2019-6340-35dee6175afa
Exploit : https://www.exploit-db.com/exploits/46459
python3 Drupal.py <Target-URL> <OS-Command>
Drupal 7.x Module Services
Exploit provides hash of the admin user a valid session cookie.
searchsploit -x php/webapps/41564.php
Identify the
rest_endpoint
andrest_path
and modify in payload script.Check <URL>/rest, <URL>/rest_endpoint
Execute :
The following 2 files will be created in the current directory.
You can either use the session details with a cookie manager or attempt to crack the admin password hash.
Last updated