Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add lost registered option DUMP_OUTPUT to Drupal SA-CORE-2019-003 exploit #11714

Merged
merged 2 commits into from Apr 11, 2019

Conversation

Projects
None yet
1 participant
@wvu-r7
Copy link
Contributor

wvu-r7 commented Apr 11, 2019

Oops, I forgot this in the refactor. It would still work as a datastore option, but it should have been registered just like in Drupalgeddon 2.

cc @rotemreiss

Fixes #11481.

@wvu-r7 wvu-r7 added module bug labels Apr 11, 2019

@wvu-r7 wvu-r7 self-assigned this Apr 11, 2019

@wvu-r7

This comment has been minimized.

Copy link
Contributor Author

wvu-r7 commented Apr 11, 2019

msf5 exploit(unix/webapp/drupal_restws_unserialize) > options

Module options (exploit/unix/webapp/drupal_restws_unserialize):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   DUMP_OUTPUT  false            no        Dump payload command output
   METHOD       POST             yes       HTTP method to use (Accepted: GET, POST, PATCH, PUT)
   NODE         1                no        Node ID to target with GET method
   Proxies                       no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                        yes       The target address range or CIDR identifier
   RPORT        80               yes       The target port (TCP)
   SSL          false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI    /                yes       Path to Drupal install
   VHOST                         no        HTTP server virtual host


Payload options (php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   PHP In-Memory


msf5 exploit(unix/webapp/drupal_restws_unserialize) >

wvu-r7 added some commits Apr 11, 2019

Add lost registered option DUMP_OUTPUT
Oops, I forgot this in the refactor.

@wvu-r7 wvu-r7 force-pushed the wvu-r7:bug/drupal branch from 8492abe to 4dc2a86 Apr 11, 2019

@wvu-r7 wvu-r7 merged commit 4dc2a86 into rapid7:master Apr 11, 2019

1 check was pending

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details

wvu-r7 added a commit to wvu-r7/metasploit-framework that referenced this pull request Apr 11, 2019

@wvu-r7 wvu-r7 deleted the wvu-r7:bug/drupal branch Apr 11, 2019

msjenkins-r7 added a commit that referenced this pull request Apr 11, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.