drupal-exploit

CVE-2018-7600

This script will exploit the (CVE-2018-7600) vulnerability in Drupal 7 <= 7.57 by poisoning the recover password form (user/password) and triggering it with the upload file via ajax (/file/ajax).

: drupal.py http(s)://drupaldomain/drupal/ uid=33(www-data) gid=33(www-data) groups=33(www-data)

https://nvd.nist.gov/vuln/detail/CVE-2018-7600

https://www.drupal.org/sa-core-2018-002