Examples of common attack vectors and defenses against the drupalgeddon SQL injection vulnerability
PHP JavaScript CSS Shell Perl VCL
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


#Drupalgeddon examples

youtube video

The files included in this repository are a reverse engineered version of the files which were used against my site during the Drupalgeddon attacks. Read more at http://mattkorostoff.com/article/I-survived-drupalgeddon-how-hackers-took-over-my-site


##Attack files

  • exploit.php: the main attack file. This injects some SQL and installs 2 backdoors.
  • deobfuscate.php: for reference only. A deobfuscated version of the file which is uploaded on line 60 of exploit.php
  • execute-php.php: must be used in conjunction with exploit.php. Once exploit.php has finished running, execute-php.php can be used to run any php on the exploited server.
  • inject-sql.php: a stand alone client for SQL injection. This file may be used on its own without running any other file.
  • uploader.php: for reference only. a local version of the file which is fetched on line 175 of exploit.php

##Defense files

  • secure_file_permissions.sh: A shell script which will set your file permissions to safe values
  • varnish_config.vcl: an example VCL file which will drop all post traffic in Varnish
  • htaccess.txt: works with the above VCL file. creates a list of IP which are permitted to access apache directly without going through varnish.

##Reference files

  • exploited_code: an exact copy of my code base, after it was attacked.
  • exploited_db.sql.zip: an exact copy of my database, after it was attacked (passwords removed)