-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Drupal Drupalgeddon 2 #9876
Conversation
3897d04
to
50f8058
Compare
bced7e2
to
6838a4e
Compare
A php demo is prepared for exp tests. It shows how to exploit CVE-2018-7600.
|
msf5 exploit(unix/webapp/drupal_drupalgeddon2) > set TARGETURI /drupal [-] Could not determine Drupal version to target [*] Drupal 7.x targeted at http://192.168.253.129/drupal/ |
@alfonsocaponi that makes sense. At a guess,
|
@bcoles according to you, it could be useful add an option about redirect? :) |
@alfonsocaponi: Happy to make the change. |
Hmm, it'll be more complicated than that. Reactively writing in |
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Bah, it's catching my rebases. It's always a mistake to reference a PR in a commit. :/ |
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
Thanks to a reviewer for noticing my drupal_unpatched? method was tri-state because of an unrefactored return. Oops! :)
@alfonsocaponi: See if the latest code works for you. Thanks. |
All right, I've committed what I hope to be my final revision to the module. Happy hunting. Bug reports welcome. |
Hi - I have been trying to exploit a Raspbian/LAMP/Drupal8.5.0 install without success - any ideas why? Below is the output - thanks for any help! [] Started reverse TCP handler on 192.168.152.128:4444 [] Drupal 8 targeted at http://192.168.1.104/drupal/ |
@user124567: Are you sure your payload settings are correct? The payload can connect back? Also, it's possible there's no PHP CLI, or perhaps |
Thanks for taking the time to reply, have checked PHP CLI is installed and passthru is enabled, cmd/unix/generic doesn't run (not a compatible payload) but I tried all the available options without success as well, also with php_func = exec I have the exploit running well against an intel cpu install we have but not the RaspberryPi install - again grateful for any suggestions - thanks |
If |
Happy to wrap up debugging this with you here, though. :) |
Next thing I would suggest is using |
Resolves #9789.