From 0876aa54bbee401ea6a8da56632182366a6e1468 Mon Sep 17 00:00:00 2001
From: xanhacks
Date: Fri, 3 Nov 2023 20:35:44 +0100
Subject: [PATCH] add drupal framework
---
 content/en/docs/framework/drupal.md | 55 +++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 content/en/docs/framework/drupal.md
diff --git a/content/en/docs/framework/drupal.md b/content/en/docs/framework/drupal.md
new file mode 100644
index 0000000..5375a48
--- /dev/null
+++ b/content/en/docs/framework/drupal.md
@@ -0,0 +1,55 @@
+---
+title: "Drupal"
+description: "Cheatsheet on Drupal library"
+lead: "Cheatsheet on Drupal library"
+date: 2023-01-01T00:00:00+00:00
+lastmod: 2023-01-01T00:00:00+00:00
+draft: false
+images: []
+menu:
+ docs:
+ parent: "framework"
+weight: 620
+toc: true
+---
+
+## Drupal
+
+[Drupal](https://git.drupalcode.org/project/drupal) is an open source content management platform supporting a variety of websites ranging from personal weblogs to large community-driven websites.
+
+### Discovery
+
+**Content:**
+
+- **Users** are located under `/user/`.
+- **Nodes** are located under `/node/`.
+- **Plugins** are located under `/modules//`.
+- **Themes** are located under `/themes//`.
+
+[drupal_modules_path.txt](https://github.com/xanhacks/web-wordlists/blob/master/wordlists/drupal_modules_path.txt): List of all Drupal modules from www.drupal.org, sort by *Most installed*.
+
+**Authentication:**
+
+- `/user/register`
+- `/user/login` or `/user`
+- `/user/password`
+
+**Version:**
+
+- `/CHANGELOG.txt`
+- `/INSTALL.txt`
+- `/UPGRADE.txt`
+
+```html
+
+```
+
+### Admin account into RCE
+
+ - [Services module unserialize to rce](https://github.com/p0dalirius/Awesome-RCE-techniques/blob/master/Content-Management-Systems-(CMS)/Drupal/techniques/Services-module-unserialize-to-rce/README.md)
+ - [Upload a plugin](https://github.com/p0dalirius/Awesome-RCE-techniques/blob/master/Content-Management-Systems-(CMS)/Drupal/techniques/Upload-a-plugin/README.md)
+ - [Upload a Theme](https://github.com/p0dalirius/Awesome-RCE-techniques/blob/master/Content-Management-Systems-(CMS)/Drupal/techniques/Upload-a-theme/README.md)
+
+### Others
+
+- Drupal often use `$_REQUEST` instead of `$_GET` or `$_POST`, so you can switch a POST request to a GET request and vice versa.
\ No newline at end of file